General

  • Target: JaffaCakes118_643f7880142790c4a4d76109fa4f81c11e15c6a83c40ee8c839d4c7eb40e3da3
  • Size: 618KB
  • Sample: 241223-3j5rrsvpgl
  • MD5: 32dc19d20555d62687ba27c0e71787e1
  • SHA1: 8b5d8f848d5df3862fa84846d6e089a1ee3ba892
  • SHA256: 643f7880142790c4a4d76109fa4f81c11e15c6a83c40ee8c839d4c7eb40e3da3
  • SHA512: ca64cb24b054977d0462aeaffaca065c1472345c357cb129b7c60b7d1e57fa27c83ced5b313957f52ac41e40bd244ee3b9500d63d5ba029385e6aae5ba783340
  • SSDEEP: 12288:h3u9HgH3exX0like0p+GZsco4SLCvnNuas79punfJN/wtvHnv:h3nOx0liM+Gpo40sNEbCN4tvnv

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Downloader
  • C2:
    79.134.225.46:6606
    borah22.accesscam.org:6606
  • Mutex: RV_MUTEX-RYBGldGoFYEKgHD

Targets

    • Target: a303abeb45c17496d1134401d5f1e4e6804e6bf0ce192b28ec73951d1ee361c8
    • Size: 959KB
    • MD5: 2873ffc6801b6f646d9f14f339e7e550
    • SHA1: 23329c57d5e345e5f5d5aff41164168e6e3228a6
    • SHA256: a303abeb45c17496d1134401d5f1e4e6804e6bf0ce192b28ec73951d1ee361c8
    • SHA512: 16fdd7a22e01b5b5eb39b92c1ee96df0aa355a3a47d14f08ce887f3684cef65250d7675c035dab6de79054a0d39237746aa4aa67d055872643edb9753a9458cb
    • SSDEEP: 12288:j6oLLoS60/K7yh0necHIgCIzoLLZefb06B+lHDBb+qL2pG3N8XNC834U:j6oLAehgCpgfb0W+x4GQ74U

    Signatures

    • RevengeRAT
      Remote-access trojan with a wide range of capabilities.
    • Revengerat family
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext
