revengerat | f759299c255908d9dc75e0a65c7abd3598835c7e29c911f238a2df2b77703db5 | Triage

Sharing

General

Target

f759299c255908d9dc75e0a65c7abd3598835c7e29c911f238a2df2b77703db5
Size

162KB
Sample

220219-k1mcmsabe4
MD5

066033d8f2c588fbb53efe7eb7a320da
SHA1

95466ba7d5566315e84b023f618926647c414a8c
SHA256

f759299c255908d9dc75e0a65c7abd3598835c7e29c911f238a2df2b77703db5
SHA512

4df815cb9e1777e6352af216ed34c9b0a9b4c8b0be1ff1e6d4ed67716eca4350dbcd354534f56eafcb894968d7fcd7340d918d71efaf843bdc403d9ebb00f2d0

Score

10^/10

revengerat client trojan

Malware Config

Extracted

Family

revengerat

Botnet

Client

C2

kimjoy.ddns.net:6699

Mutex

S1NTYL5X286LOEH

Targets

- Target
  
  f759299c255908d9dc75e0a65c7abd3598835c7e29c911f238a2df2b77703db5
- Size
  
  162KB
- MD5
  
  066033d8f2c588fbb53efe7eb7a320da
- SHA1
  
  95466ba7d5566315e84b023f618926647c414a8c
- SHA256
  
  f759299c255908d9dc75e0a65c7abd3598835c7e29c911f238a2df2b77703db5
- SHA512
  
  4df815cb9e1777e6352af216ed34c9b0a9b4c8b0be1ff1e6d4ed67716eca4350dbcd354534f56eafcb894968d7fcd7340d918d71efaf843bdc403d9ebb00f2d0
Score

10^/10

revengerat client trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

revengeratclienttrojan