revengerat | 7bf399fd2232c77977014fb0089ee9c6b987c8833a6dbfbd33ec5c5e2c34ee6e | Triage

Sharing

General

Target

deb5d7db2d412ffd830ade622561d486_JaffaCakes118
Size

16KB
Sample

240913-xnvjpsshkm
MD5

deb5d7db2d412ffd830ade622561d486
SHA1

e3456c0cd8290e5e1f1922968249bbeb9d31e3fa
SHA256

7bf399fd2232c77977014fb0089ee9c6b987c8833a6dbfbd33ec5c5e2c34ee6e
SHA512

82b2ee91ae3d31d1daabca4ee074bc3751748be1002e0dc26aea6db5d65c8dcc349d455c0155382da6bca11ee551de6777a6d24605f72cbc0c1e0e6df5366b9f
SSDEEP

384:dpi1PKtl50TsQb9muhNculb5sP34yu5Ct:dpi1PKtlM9wuhNf9o

Score

10^/10

revengerat guest stealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.ngrok.io:10068

0.tcp.ngrok.io:7896

192.168.40.100:10068

192.168.40.100:7896

Mutex

RV_MUTEX

Targets

- Target
  
  deb5d7db2d412ffd830ade622561d486_JaffaCakes118
- Size
  
  16KB
- MD5
  
  deb5d7db2d412ffd830ade622561d486
- SHA1
  
  e3456c0cd8290e5e1f1922968249bbeb9d31e3fa
- SHA256
  
  7bf399fd2232c77977014fb0089ee9c6b987c8833a6dbfbd33ec5c5e2c34ee6e
- SHA512
  
  82b2ee91ae3d31d1daabca4ee074bc3751748be1002e0dc26aea6db5d65c8dcc349d455c0155382da6bca11ee551de6777a6d24605f72cbc0c1e0e6df5366b9f
- SSDEEP
  
  384:dpi1PKtl50TsQb9muhNculb5sP34yu5Ct:dpi1PKtlM9wuhNf9o
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

behavioral2