revengerat

General

Target

2024-10-30_cc9ab55b63738d3320e4249f210eb21a_hiddentear_hijackloader
Size

351KB
Sample

241030-swar2swgkr
MD5

cc9ab55b63738d3320e4249f210eb21a
SHA1

fe81d79df7e3e0497501ba9627962c25693c1f1c
SHA256

cd408aa67ec73ca9938dd4f97e1f520cd106466752c48d41547d9dee38efaef7
SHA512

acee588a3c0d4357af531411797235cac1df733b77754f77a171e916b93a4631d539ce3b504d2d06d9de92c51439203c93077ea2b3bc1b1ef0ccd2590b21cc18
SSDEEP

6144:cpIOU6F4Z5zkR0R5r3PsnrysQHRxv3S9Sy+lDAA3W:GIj6uNkRirCQDekdAAm

Score

10^/10

Malware Config

Extracted

Family

revengerat

Botnet

SPAM

C2

kilimanjaro.cloudns.nz:8809

kilimanjaro.run.place:8809

kilimanjaro.crabdance.com:8809

kilimanjaro.bigmoney.biz:8809

kilimanjaro.theworkpc.com:8809

burkinafaso.duckdns.org:8809

Mutex

RV_MUTEX-GYuaWVCGnhpCsG

Targets

- Target
  
  2024-10-30_cc9ab55b63738d3320e4249f210eb21a_hiddentear_hijackloader
- Size
  
  351KB
- MD5
  
  cc9ab55b63738d3320e4249f210eb21a
- SHA1
  
  fe81d79df7e3e0497501ba9627962c25693c1f1c
- SHA256
  
  cd408aa67ec73ca9938dd4f97e1f520cd106466752c48d41547d9dee38efaef7
- SHA512
  
  acee588a3c0d4357af531411797235cac1df733b77754f77a171e916b93a4631d539ce3b504d2d06d9de92c51439203c93077ea2b3bc1b1ef0ccd2590b21cc18
- SSDEEP
  
  6144:cpIOU6F4Z5zkR0R5r3PsnrysQHRxv3S9Sy+lDAA3W:GIj6uNkRirCQDekdAAm
Score

10^/10

revengerat spam discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Revengerat family

.NET Reactor proctector

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2