revengerat | b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632 | Triage

Sharing

General

Target

b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632
Size

16KB
Sample

220201-ewy8rageen
MD5

98d751f3357514c67a2347c4fe8b5719
SHA1

cf34927fae94a702662833abd69071c187b6067a
SHA256

b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632
SHA512

5112b43dbaf6bef59a83a631180893ab5cfe423dd2454a03c0652812baad0877193ff1316a74011a357eb26c481b5665ce07ea41d607e09ec5e66b833dceb6e1

Score

10^/10

revengerat guest persistence stealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

miqas.ddns.net:2685

Mutex

RV_MUTEX-nCNMSKYtPcYB

Targets

- Target
  
  b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632
- Size
  
  16KB
- MD5
  
  98d751f3357514c67a2347c4fe8b5719
- SHA1
  
  cf34927fae94a702662833abd69071c187b6067a
- SHA256
  
  b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632
- SHA512
  
  5112b43dbaf6bef59a83a631180893ab5cfe423dd2454a03c0652812baad0877193ff1316a74011a357eb26c481b5665ce07ea41d607e09ec5e66b833dceb6e1
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

behavioral2