revengerat

General

Target

2024-10-21_827f627aaef021cc65eba223886d34a9_hiddentear_hijackloader
Size

356KB
Sample

241021-fraj9s1hnq
MD5

827f627aaef021cc65eba223886d34a9
SHA1

8563f056bbaf6e7e3ff8e60c3a1636f385fc8d46
SHA256

44ad90c5c9b26eb57351d420ec793353473c8f382dc4cb426c40e4bca4790da4
SHA512

c26f620ec974a95244355c28b0d3677d45b48e6751ad1548fb6d27c96df9c32a20c636a86350c07e402676bc242c755abad739917c7fad03ea37aa989045b37a
SSDEEP

6144:UlnGb9TlQ7GpimbKztK6euuEeLBBAl1e+o7B+lDAAj:QMk7GV2M6eu+idAAj

Score

10^/10

Malware Config

Extracted

Family

revengerat

Botnet

SPAM

C2

kilimanjaro.cloudns.nz:8809

kilimanjaro.dns.army:8809

kilimanjaro.hopto.org:8809

kilimanjaro.run.place:8809

Mutex

RV_MUTEX-GYuaWVCGnhpCsG

Targets

- Target
  
  2024-10-21_827f627aaef021cc65eba223886d34a9_hiddentear_hijackloader
- Size
  
  356KB
- MD5
  
  827f627aaef021cc65eba223886d34a9
- SHA1
  
  8563f056bbaf6e7e3ff8e60c3a1636f385fc8d46
- SHA256
  
  44ad90c5c9b26eb57351d420ec793353473c8f382dc4cb426c40e4bca4790da4
- SHA512
  
  c26f620ec974a95244355c28b0d3677d45b48e6751ad1548fb6d27c96df9c32a20c636a86350c07e402676bc242c755abad739917c7fad03ea37aa989045b37a
- SSDEEP
  
  6144:UlnGb9TlQ7GpimbKztK6euuEeLBBAl1e+o7B+lDAAj:QMk7GV2M6eu+idAAj
Score

10^/10

revengerat spam discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2