revengerat | ea95110c6eace17e1362e51ea50327a99899b76c7295650363325a22bf70a05b | Triage

Sharing

General

Target

JaffaCakes118_62bc5ed1faedbd153aefbd0f660b9398
Size

220KB
Sample

250102-fdwkkswpfl
MD5

62bc5ed1faedbd153aefbd0f660b9398
SHA1

00f5114002f3890ba4d32c7960ba04bb907c18b7
SHA256

ea95110c6eace17e1362e51ea50327a99899b76c7295650363325a22bf70a05b
SHA512

d47b50992bc4fdefe0cc7b5a5a72d3aa6b35c9f47841b7f0173303ddb38c2c072ce40925a2e715c43a98c0f7f85977aa00c74adf1d630b72486339bfd6e958ab
SSDEEP

3072:kXs/p61nqa4LEHBAnpK37nXua1V0Vz1z7ZwnZspzqeNOefG4Gyq6nF7waf5+:R/p61nOVaDCzFNkOqefpl+

Score

10^/10

revengerat limerevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

LimeRevenge

Mutex

208-9035-4d24f5a5133d

Targets

- Target
  
  JaffaCakes118_62bc5ed1faedbd153aefbd0f660b9398
- Size
  
  220KB
- MD5
  
  62bc5ed1faedbd153aefbd0f660b9398
- SHA1
  
  00f5114002f3890ba4d32c7960ba04bb907c18b7
- SHA256
  
  ea95110c6eace17e1362e51ea50327a99899b76c7295650363325a22bf70a05b
- SHA512
  
  d47b50992bc4fdefe0cc7b5a5a72d3aa6b35c9f47841b7f0173303ddb38c2c072ce40925a2e715c43a98c0f7f85977aa00c74adf1d630b72486339bfd6e958ab
- SSDEEP
  
  3072:kXs/p61nqa4LEHBAnpK37nXua1V0Vz1z7ZwnZspzqeNOefG4Gyq6nF7waf5+:R/p61nOVaDCzFNkOqefpl+
Score

10^/10

revengerat limerevenge trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratlimerevengetrojan

behavioral2

revengeratlimerevengetrojan