revengerat | 948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654 | Triage

Sharing

General

Target

948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654
Size

17KB
Sample

201108-epkb9ydqlx
MD5

aa0a434f00c138ef445bf89493a6d731
SHA1

2e798c079b179b736247cf20d1346657db9632c7
SHA256

948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654
SHA512

e5b50ccd82c9cd5797dfc278dbd4bef6b4cb4468424962666d2618707a3c69e0154e8fb11846e0f529dd6e903fd9de2a2f4dd3b526821b10f08530371a0c6952

Score

10^/10

revengerat victime persistence stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Victime

C2

cocohack.dtdns.net:84

Mutex

RV_MUTEX-OKuSAtYBxGgZHx

Targets

- Target
  
  948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654
- Size
  
  17KB
- MD5
  
  aa0a434f00c138ef445bf89493a6d731
- SHA1
  
  2e798c079b179b736247cf20d1346657db9632c7
- SHA256
  
  948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654
- SHA512
  
  e5b50ccd82c9cd5797dfc278dbd4bef6b4cb4468424962666d2618707a3c69e0154e8fb11846e0f529dd6e903fd9de2a2f4dd3b526821b10f08530371a0c6952
Score

10^/10

revengerat victime persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealervictimerevengerat

behavioral1

revengeratvictimepersistencestealertrojan

behavioral2

revengeratvictimepersistencestealertrojan