2020-01-15 - QUICK POST: MALSPAM PUSHING REVENGE RAT

ASSOCIATED FILES:

  • 2020-01-15-RevengeRAT-infection-traffic.pcap   (661,632 bytes)
  • 2020-01-15-C-Users-bfett-AppData-Roaming-efinhodabumbum.vbs.txt   (9,028 bytes)
  • 2020-01-15-XLS-attachment-with-macro-for-Revenge-RAT.bin   (229,376 bytes)
  • 2020-01-15-malspam-pushing-RevengeRAT.eml   (316,582 bytes)
  • 2020-01-15-p_1472t0ztm1.jpg-from-a.top4top.io.txt   (178,634 bytes)
  • 2020-01-15-p_14754cwzr1-from-h.top4top.io.txt   (9,028 bytes)
  • 2020-01-15-p_1475rf4dz1.jpg-from-e.top4top.io.txt   (316,417 bytes)
  • 2020-01-15-registry-update-for-RevengeRAT.txt   (590 bytes)

NOTES:

 

IMAGES


Shown above:  Traffic from the infection filtered in Wireshark.

 


Shown above:  TCP stream from the RevengeRAT callback traffic.

 

Click here to return to the main page.