revengerat | bf34977eea90dc8bd7b5269b47ab2a49cdc0a63276171dffadd91936ba26bd9b | Triage

Submit
Reports

Overview

overview

Static

static

bf34977eea...9b.exe

windows7_x64

bf34977eea...9b.exe

windows10-2004_x64

Sharing

General

Target

bf34977eea90dc8bd7b5269b47ab2a49cdc0a63276171dffadd91936ba26bd9b
Size

410KB
Sample

220208-vv261sbgcq
MD5

67e0931fe20e34f2afa338cedfa66748
SHA1

1123279edbeca2d1eba565e57edf1ac2f19f056e
SHA256

bf34977eea90dc8bd7b5269b47ab2a49cdc0a63276171dffadd91936ba26bd9b
SHA512

f03396efa39bf92cb713df3fe94510b42ad2ab709efb4957d6e0ebca56d46b14c9cda063a7fb4b39bdbe1587ade5ed22b881864be5ec93dafbe103e28964f599

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

bf34977eea90dc8bd7b5269b47ab2a49cdc0a63276171dffadd91936ba26bd9b.exe

Resource

win7-en-20211208

revengerat persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bf34977eea90dc8bd7b5269b47ab2a49cdc0a63276171dffadd91936ba26bd9b.exe

Resource

win10v2004-en-20220112

revengerat stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bf34977eea90dc8bd7b5269b47ab2a49cdc0a63276171dffadd91936ba26bd9b
- Size
  
  410KB
- MD5
  
  67e0931fe20e34f2afa338cedfa66748
- SHA1
  
  1123279edbeca2d1eba565e57edf1ac2f19f056e
- SHA256
  
  bf34977eea90dc8bd7b5269b47ab2a49cdc0a63276171dffadd91936ba26bd9b
- SHA512
  
  f03396efa39bf92cb713df3fe94510b42ad2ab709efb4957d6e0ebca56d46b14c9cda063a7fb4b39bdbe1587ade5ed22b881864be5ec93dafbe103e28964f599
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratstealertrojan

© 2018-2024

Terms | Privacy