revengerat | 040c253f17159291ca14147125f84e8bd30c5c55fe85f154a19b9f94cf0f6d2a | Triage

Sharing

General

Target

JaffaCakes118_2c5c01af4c821c358cbb0e00cfcae4b0
Size

387KB
Sample

250106-s99hjazrcy
MD5

2c5c01af4c821c358cbb0e00cfcae4b0
SHA1

50c3002558cd9d09ff31af93d1ca7a7148b991fe
SHA256

040c253f17159291ca14147125f84e8bd30c5c55fe85f154a19b9f94cf0f6d2a
SHA512

42de31c47191e605a3daa4678352a2c83a0684108ead7e3af66e88815b45530b7b6241859615e90cc527d0f1786a27d2b0710c6d8afc28e212e053b9996a803d
SSDEEP

6144:kYESD6lunpseAVoSb8UxeG+otZZnvBCrXJM2+:kYESDF6VoSd1zZ9BO+n

Score

10^/10

revengerat limerevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

LimeRevenge

Mutex

29a-8fa6-0ac610b243aa

Targets

- Target
  
  JaffaCakes118_2c5c01af4c821c358cbb0e00cfcae4b0
- Size
  
  387KB
- MD5
  
  2c5c01af4c821c358cbb0e00cfcae4b0
- SHA1
  
  50c3002558cd9d09ff31af93d1ca7a7148b991fe
- SHA256
  
  040c253f17159291ca14147125f84e8bd30c5c55fe85f154a19b9f94cf0f6d2a
- SHA512
  
  42de31c47191e605a3daa4678352a2c83a0684108ead7e3af66e88815b45530b7b6241859615e90cc527d0f1786a27d2b0710c6d8afc28e212e053b9996a803d
- SSDEEP
  
  6144:kYESD6lunpseAVoSb8UxeG+otZZnvBCrXJM2+:kYESDF6VoSd1zZ9BO+n
Score

10^/10

revengerat limerevenge trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratlimerevengetrojan

behavioral2

revengeratlimerevengetrojan