Overview

overview

10

Static

static

10

sample.exe

windows7_x64

10

sample.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21f5909d993021a2715121c75f652e65becec4bbf15ac2c27458fe04b8c48134

  • Size

    42KB

  • Sample

    220201-etqtlagebn

  • MD5

    b6cadab3777da717bb7934330a77f8da

  • SHA1

    67f32125d673e8256be8efbd814beb5980e769f1

  • SHA256

    21f5909d993021a2715121c75f652e65becec4bbf15ac2c27458fe04b8c48134

  • SHA512

    edcf3bef66b4642ce0980557d7059202ab5e6495094cefdcb2dbdd26dd4ca664e9c8195031a256b4a4c41eb19e4ba946a51e37c2cad62021296b1d6ab3e578f1

Score
10/10
revengeratsystempersistencestealertrojan

Malware Config

Extracted

Family

revengerat

Botnet

system

C2

47.100.84.12:55656

Mutex

RV_MUTEX-QZblRvZwfRtNH

Targets

    • Target

      sample

    • Size

      102KB

    • MD5

      f6eec1317ece3ffb7c4916e224d9734d

    • SHA1

      a3447ba9b83f30284c6d3effb45c31ad9d5f258f

    • SHA256

      bbd3ecd9e9671d94e8897980c4eb9391ae9cb444615ed9a93b8221ae8fa66790

    • SHA512

      36f13789fb55fc017c7cdbfe2eb3d8993fba913986f772a9ca096686256a10f4011a4af6b6187c2b45873d1e5fc00a993b1e5f9571a9609d967ad7be57e778d2

    Score
    10/10
    revengeratsystempersistencestealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks