revengerat | 2ebc9f7227f6bba53fd445a09361e3ed6a359a6f6a5b6af7b8cedff967abf423 | Triage

Sharing

General

Target

AGkqWQi3.exe
Size

17KB
Sample

201109-g4bf6hay8j
MD5

ec0bed45da8cf7480cc30ae80cdc20ee
SHA1

e14c45e1b7bcc284e9f4295c193460fd46e866f1
SHA256

2ebc9f7227f6bba53fd445a09361e3ed6a359a6f6a5b6af7b8cedff967abf423
SHA512

b5e3c970158e7500e3e7b28bb7cf3c8afd5070ab12f457c53e3f1940b76206ff4da8aa1fafb71605e2b8dcc713359129b2486c40ceb99c2079d68f7e754c2f24

Score

10^/10

revengerat guest persistence stealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

discord.linkpc.net:333

Mutex

RV_MUTEX

Targets

- Target
  
  AGkqWQi3.exe
- Size
  
  17KB
- MD5
  
  ec0bed45da8cf7480cc30ae80cdc20ee
- SHA1
  
  e14c45e1b7bcc284e9f4295c193460fd46e866f1
- SHA256
  
  2ebc9f7227f6bba53fd445a09361e3ed6a359a6f6a5b6af7b8cedff967abf423
- SHA512
  
  b5e3c970158e7500e3e7b28bb7cf3c8afd5070ab12f457c53e3f1940b76206ff4da8aa1fafb71605e2b8dcc713359129b2486c40ceb99c2079d68f7e754c2f24
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

behavioral2