revengerat | b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b | Triage

Sharing

General

Target

b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b
Size

26KB
Sample

220201-e3fd8ahcc5
MD5

ab0a239a67498b1fe875cac61e1cc881
SHA1

259e3a7a5350d79d7f18677aeb5dad0df3c1c4e6
SHA256

b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b
SHA512

657d23e85e010ed6bd71e46fdf3c56e16ac2946e6a0e341ace1440c82af0c4fb85630a5cfcd1044e80138ebd815be6bd5bf714d230d1d976e68839800f26f6b9

Score

10^/10

revengerat owo persistence stealer

Malware Config

Extracted

Family

revengerat

Botnet

OwO

C2

steroidigo.ddns.net:1605

Mutex

RV_MUTEX-HrLwVrReSbcn

Targets

- Target
  
  b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b
- Size
  
  26KB
- MD5
  
  ab0a239a67498b1fe875cac61e1cc881
- SHA1
  
  259e3a7a5350d79d7f18677aeb5dad0df3c1c4e6
- SHA256
  
  b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b
- SHA512
  
  657d23e85e010ed6bd71e46fdf3c56e16ac2946e6a0e341ace1440c82af0c4fb85630a5cfcd1044e80138ebd815be6bd5bf714d230d1d976e68839800f26f6b9
Score

8^/10

persistence
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealeroworevengerat

behavioral1

behavioral2