revengerat | e167b20f1acf48f7ce0ae33a218e2c1b300b41c012ededf03e7a3522a4ebe95e | Triage

Submit
Reports

Overview

overview

Static

static

e167b20f1a...5e.exe

windows7_x64

e167b20f1a...5e.exe

windows10-2004_x64

8

Sharing

General

Target

e167b20f1acf48f7ce0ae33a218e2c1b300b41c012ededf03e7a3522a4ebe95e
Size

142KB
Sample

220201-dy59eagee3
MD5

7338b335ad5471cb67658f27836374f0
SHA1

eb0e81598d8526d88cac4695a3e9360cc8fbb331
SHA256

e167b20f1acf48f7ce0ae33a218e2c1b300b41c012ededf03e7a3522a4ebe95e
SHA512

1abaf8f72d10eaa5a77dabaeb20d922228c09c3da9756a09a63b7dc77cc9e866b3d47aad17bf2ae2846458964af6c028975c5631116a677a80ff317769ccf2f7

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

stealer revengerat

Behavioral task

behavioral1

Sample

e167b20f1acf48f7ce0ae33a218e2c1b300b41c012ededf03e7a3522a4ebe95e.exe

Resource

win7-en-20211208

revengerat persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e167b20f1acf48f7ce0ae33a218e2c1b300b41c012ededf03e7a3522a4ebe95e.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e167b20f1acf48f7ce0ae33a218e2c1b300b41c012ededf03e7a3522a4ebe95e
- Size
  
  142KB
- MD5
  
  7338b335ad5471cb67658f27836374f0
- SHA1
  
  eb0e81598d8526d88cac4695a3e9360cc8fbb331
- SHA256
  
  e167b20f1acf48f7ce0ae33a218e2c1b300b41c012ededf03e7a3522a4ebe95e
- SHA512
  
  1abaf8f72d10eaa5a77dabaeb20d922228c09c3da9756a09a63b7dc77cc9e866b3d47aad17bf2ae2846458964af6c028975c5631116a677a80ff317769ccf2f7
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

© 2018-2024

Terms | Privacy