revengerat | a6f7774c76ee23dd30712fe5362651dd9895ec275ebcf84b276540d3099ad804 | Triage

Sharing

General

Target

a6f7774c76ee23dd30712fe5362651dd9895ec275ebcf84b276540d3099ad804
Size

83KB
Sample

220201-fax91aggep
MD5

f049cf0b255b3697e3fd5acaddd70f30
SHA1

0032a97de4339f52b31202bc19a41ad8a1a367c2
SHA256

a6f7774c76ee23dd30712fe5362651dd9895ec275ebcf84b276540d3099ad804
SHA512

eb9a3639821a6c28f6fd258cf9733e2ce9907431cbe83157eda4006b3a81ba150227c6f61c83ba5ab31911ad5e977670a4be0bbad8da83f51bdb07b1520dca60

Score

10^/10

revengerat guest persistence stealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

83.159.223.112:1604

Mutex

RV_MUTEX

Targets

- Target
  
  a6f7774c76ee23dd30712fe5362651dd9895ec275ebcf84b276540d3099ad804
- Size
  
  83KB
- MD5
  
  f049cf0b255b3697e3fd5acaddd70f30
- SHA1
  
  0032a97de4339f52b31202bc19a41ad8a1a367c2
- SHA256
  
  a6f7774c76ee23dd30712fe5362651dd9895ec275ebcf84b276540d3099ad804
- SHA512
  
  eb9a3639821a6c28f6fd258cf9733e2ce9907431cbe83157eda4006b3a81ba150227c6f61c83ba5ab31911ad5e977670a4be0bbad8da83f51bdb07b1520dca60
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

behavioral2