revengerat | f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe | Triage

Sharing

General

Target

f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe
Size

17KB
Sample

220205-j3fgfahdd5
MD5

0282e3f3c85d9dc212922206b57c075f
SHA1

a91370bc6c253102f091489f65580f6318e2f3ca
SHA256

f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe
SHA512

bdd5021930bca1cf2f68f01593ee223815fa49d2a7c2dfc530fa7a4098eb74e12195beea8c743a5e8dd326ce1af5198268a4ae8721257c747feebb67d8e0d6e5

Score

10^/10

revengerat guest persistence stealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

windowuser.ddns.net:1117

Mutex

RV_MUTEX

Targets

- Target
  
  f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe
- Size
  
  17KB
- MD5
  
  0282e3f3c85d9dc212922206b57c075f
- SHA1
  
  a91370bc6c253102f091489f65580f6318e2f3ca
- SHA256
  
  f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe
- SHA512
  
  bdd5021930bca1cf2f68f01593ee223815fa49d2a7c2dfc530fa7a4098eb74e12195beea8c743a5e8dd326ce1af5198268a4ae8721257c747feebb67d8e0d6e5
Score

8^/10

persistence
- Sets service image path in registry
  persistence
- Drops startup file
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

behavioral2