General
-
Target
Client.exe
-
Size
111KB
-
Sample
241012-hgykfsshml
-
MD5
688a4cb70081d9edb63c1c1aa41487e1
-
SHA1
3efe438b2b4a44f2dc7f02c6e1afe980e2a116d8
-
SHA256
4f6242573cd5b7b50a3091449e2df40fa3005d14a0389931b948782d11ab27e9
-
SHA512
4f5ef2d0538a3a38748d4c2378e15cd91bd0073ac28e093be7cb86a2d9ef29aaa667f07a516a169bd0e44ab09202914c8bdae9cf5cd1f5d543ebf3388222ad2b
-
SSDEEP
3072:0Bx88hg1dtEGiymTRNE18lEqtYDeQ9SYp1+:0w8OmTRNE14WDF7p1+
Malware Config
Extracted
revengerat
Guest
Pizd11337-26540.portmap.host:26540
RV_MUTEX
Targets
-
-
Target
Client.exe
-
Size
111KB
-
MD5
688a4cb70081d9edb63c1c1aa41487e1
-
SHA1
3efe438b2b4a44f2dc7f02c6e1afe980e2a116d8
-
SHA256
4f6242573cd5b7b50a3091449e2df40fa3005d14a0389931b948782d11ab27e9
-
SHA512
4f5ef2d0538a3a38748d4c2378e15cd91bd0073ac28e093be7cb86a2d9ef29aaa667f07a516a169bd0e44ab09202914c8bdae9cf5cd1f5d543ebf3388222ad2b
-
SSDEEP
3072:0Bx88hg1dtEGiymTRNE18lEqtYDeQ9SYp1+:0w8OmTRNE14WDF7p1+
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1