revengerat | 620b8057f975eb2475b9a5a0756f21d4b866acc1f02c418ee3d994b74ee6bb77 | Triage

Sharing

General

Target

620b8057f975eb2475b9a5a0756f21d4b866acc1f02c418ee3d994b74ee6bb77
Size

107KB
Sample

220219-k2k6zabbgn
MD5

0572b2985ec70a37642e6a5513a098c2
SHA1

686116cf6308871a8c7e79e2d305093e04a60476
SHA256

620b8057f975eb2475b9a5a0756f21d4b866acc1f02c418ee3d994b74ee6bb77
SHA512

43b58d5bdebae446bca36b9a08a3e71d7ffb8f05beb2a05e26d74bf1093f73171e33cf645a1379ce88e766227c5e4b103567e81594288a9664745bc6a39522b6

Score

10^/10

revengerat anjola persistence stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Anjola

C2

bodmas01.zapto.org:6969

Mutex

RV_MUTEX-evTTgZNUUPRaw

Targets

- Target
  
  620b8057f975eb2475b9a5a0756f21d4b866acc1f02c418ee3d994b74ee6bb77
- Size
  
  107KB
- MD5
  
  0572b2985ec70a37642e6a5513a098c2
- SHA1
  
  686116cf6308871a8c7e79e2d305093e04a60476
- SHA256
  
  620b8057f975eb2475b9a5a0756f21d4b866acc1f02c418ee3d994b74ee6bb77
- SHA512
  
  43b58d5bdebae446bca36b9a08a3e71d7ffb8f05beb2a05e26d74bf1093f73171e33cf645a1379ce88e766227c5e4b103567e81594288a9664745bc6a39522b6
Score

10^/10

revengerat anjola persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealeranjolarevengerat

behavioral1

revengeratanjolapersistencestealertrojan

behavioral2