General

  • Target

    ce6995d970f47c61f914b54a6afebb7909177adedbbc418aef102e0994f72ea5N

  • Size

    908KB

  • Sample

    241020-e8hfrszaqe

  • MD5

    36c2703ce518ee10f3da808d545c4090

  • SHA1

    4e09874874250986a6600e6019c508099281241b

  • SHA256

    ce6995d970f47c61f914b54a6afebb7909177adedbbc418aef102e0994f72ea5

  • SHA512

    3d828c0e4a2a009e7002e922267c0bb000bf02f7ac256811ebe0025e7762512da3caa9d924a1fd5fc3b82a66cc48a0de62a125c1d8ea22369ccb08d06a39467d

  • SSDEEP

    24576:lAHnh+eWsN3skA4RV1Hom2KXMmHa2s48tt5i:Uh+ZkldoPK8Ya2Ui

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    APRIL

  • C2

    mallorca.myftp.org:5198

  • Mutex

    RV_MUTEX-JHXJvbCGPPiCCaK

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15