revengerat

General

Target

c6150579a9208a1a276639799cc9c6b6021f6cca3b30c2d2d1c67fd4ffd353a9
Size

355KB
Sample

241018-qc46fa1ckn
MD5

25efc0ddf66616f5848ea55bec0290bb
SHA1

1607037714f3ffafedba7939977eccf0213de00c
SHA256

c6150579a9208a1a276639799cc9c6b6021f6cca3b30c2d2d1c67fd4ffd353a9
SHA512

5eb4e3137abcdf228add19b3f4e2f57007ffae92af2a4d424119f9f4f10a54fde1de6ca7ffc6c6d3f3f2809725f3dd799f24e5f4c4894dcc0217f0ef358efede
SSDEEP

3072:VLHoER+xnfxl18JZWmx8qQdzwkQXl91wPHZbYPRpTAlpyTgh3/izvzX1vAc513kq:poER+xnfxlmOQjYqaUzL1X513n+lDAAO

Score

10^/10

Malware Config

Extracted

Family

revengerat

Botnet

SPAM

C2

kilimanjaro.cloudns.nz:8809

kilimanjaro.dns.army:8809

kilimanjaro.hopto.org:8809

kilimanjaro.run.place:8809

Mutex

RV_MUTEX-GYuaWVCGnhpCsG

Targets

- Target
  
  c6150579a9208a1a276639799cc9c6b6021f6cca3b30c2d2d1c67fd4ffd353a9
- Size
  
  355KB
- MD5
  
  25efc0ddf66616f5848ea55bec0290bb
- SHA1
  
  1607037714f3ffafedba7939977eccf0213de00c
- SHA256
  
  c6150579a9208a1a276639799cc9c6b6021f6cca3b30c2d2d1c67fd4ffd353a9
- SHA512
  
  5eb4e3137abcdf228add19b3f4e2f57007ffae92af2a4d424119f9f4f10a54fde1de6ca7ffc6c6d3f3f2809725f3dd799f24e5f4c4894dcc0217f0ef358efede
- SSDEEP
  
  3072:VLHoER+xnfxl18JZWmx8qQdzwkQXl91wPHZbYPRpTAlpyTgh3/izvzX1vAc513kq:poER+xnfxlmOQjYqaUzL1X513n+lDAAO
Score

10^/10

revengerat spam discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2