revengerat | 299af7f15d174ff027a719a08a4fde2d269a5b90e2c2a41eea5fb7769d4b7f5e | Triage

Sharing

General

Target

299af7f15d174ff027a719a08a4fde2d269a5b90e2c2a41eea5fb7769d4b7f5e
Size

16KB
Sample

220201-jm7wrabafj
MD5

d8c33f6cfe8aed6ebd96231ccb563429
SHA1

e40e2bd1639acd48428a93a29cee5c5da19cefd3
SHA256

299af7f15d174ff027a719a08a4fde2d269a5b90e2c2a41eea5fb7769d4b7f5e
SHA512

ec0a7a02ef5fd9778c4da7745c56d12324ded0a2c539879c2b4a37ccd1f2cd866a316ed3d1e010aa76a919dfe0ae13bd1c69b752b1aa34c2b5421820fb025bea

Score

10^/10

revengerat guest persistence stealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

127.0.0.1:333

Mutex

RV_MUTEX

Targets

- Target
  
  299af7f15d174ff027a719a08a4fde2d269a5b90e2c2a41eea5fb7769d4b7f5e
- Size
  
  16KB
- MD5
  
  d8c33f6cfe8aed6ebd96231ccb563429
- SHA1
  
  e40e2bd1639acd48428a93a29cee5c5da19cefd3
- SHA256
  
  299af7f15d174ff027a719a08a4fde2d269a5b90e2c2a41eea5fb7769d4b7f5e
- SHA512
  
  ec0a7a02ef5fd9778c4da7745c56d12324ded0a2c539879c2b4a37ccd1f2cd866a316ed3d1e010aa76a919dfe0ae13bd1c69b752b1aa34c2b5421820fb025bea
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

behavioral2