revengerat | b759243e0b1b03d3c7f3cf4bdb3f92f81432cb06192e25cb92127815f89ab48c | Triage

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-en-20211208
submitted
27-02-2022 02:55

Sharing

Report Analysis Logs

General

Target

b759243e0b1b03d3c7f3cf4bdb3f92f81432cb06192e25cb92127815f89ab48c.exe
Size

274KB
MD5

e9eff0054dcde9e3588ca70c2a2f4258
SHA1

0bf96aa293e7b8618a0df2742f5336d394ee0afe
SHA256

b759243e0b1b03d3c7f3cf4bdb3f92f81432cb06192e25cb92127815f89ab48c
SHA512

4c8c8a3d414bf999bf0c73bcc820669df74b883c140f90ce856c154dea7910121731adde335c91f338d75cbae5ca9655444426e1dec3df401caaadccda359bf1

Score

10^/10

revengerat stealer trojan

Malware Config

Extracted

Family

revengerat

Mutex

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat

RevengeRat Executable 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/968-56-0x0000000000310000-0x0000000000318000-memory.dmp	revengerat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

b759243e0b1b03d3c7f3cf4bdb3f92f81432cb06192e25cb92127815f89ab48c.exe

description pid process

Token: SeDebugPrivilege 968 b759243e0b1b03d3c7f3cf4bdb3f92f81432cb06192e25cb92127815f89ab48c.exe

C:\Users\Admin\AppData\Local\Temp\b759243e0b1b03d3c7f3cf4bdb3f92f81432cb06192e25cb92127815f89ab48c.exe
"C:\Users\Admin\AppData\Local\Temp\b759243e0b1b03d3c7f3cf4bdb3f92f81432cb06192e25cb92127815f89ab48c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-54-0x00000000002C0000-0x000000000030A000-memory.dmp

Filesize
296KB

Download
memory/968-55-0x000007FEF4D03000-0x000007FEF4D04000-memory.dmp

Filesize
4KB

Download
memory/968-56-0x0000000000310000-0x0000000000318000-memory.dmp

Filesize
32KB

Download
memory/968-57-0x000000001B140000-0x000000001B142000-memory.dmp

Filesize
8KB

Download