revengerat | 3e7a2442794542444ce7eb56c63340de1d92912d7d2883cc90dd3787e0d00d3c | Triage

Submit
Reports

Overview

overview

Static

static

3e7a244279...3c.exe

windows7_x64

8

3e7a244279...3c.exe

windows10-2004_x64

8

Sharing

General

Target

3e7a2442794542444ce7eb56c63340de1d92912d7d2883cc90dd3787e0d00d3c
Size

12.4MB
Sample

220311-aemq6sgcgl
MD5

8d7bc30e8f1256b3a1a447e6cf8de012
SHA1

26e266cb7f8b5dc4826d487c1e3bbfe78dfdb87b
SHA256

3e7a2442794542444ce7eb56c63340de1d92912d7d2883cc90dd3787e0d00d3c
SHA512

6e44c6f3ee7614fb286daf80d14ab16d28a5aaca6edcc8db4ca421e991cc583189419271fb23860895726bc29211c8ead4b8edae253dfddaf4493139aa71b692

Score

10^/10

revengerat spyware stealer vmprotect

Static task

static1

stealer revengerat

Behavioral task

behavioral1

Sample

3e7a2442794542444ce7eb56c63340de1d92912d7d2883cc90dd3787e0d00d3c.exe

Resource

win7-20220310-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3e7a2442794542444ce7eb56c63340de1d92912d7d2883cc90dd3787e0d00d3c.exe

Resource

win10v2004-en-20220113

spyware stealer vmprotect

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3e7a2442794542444ce7eb56c63340de1d92912d7d2883cc90dd3787e0d00d3c
- Size
  
  12.4MB
- MD5
  
  8d7bc30e8f1256b3a1a447e6cf8de012
- SHA1
  
  26e266cb7f8b5dc4826d487c1e3bbfe78dfdb87b
- SHA256
  
  3e7a2442794542444ce7eb56c63340de1d92912d7d2883cc90dd3787e0d00d3c
- SHA512
  
  6e44c6f3ee7614fb286daf80d14ab16d28a5aaca6edcc8db4ca421e991cc583189419271fb23860895726bc29211c8ead4b8edae253dfddaf4493139aa71b692
Score

8^/10

vmprotect spyware stealer
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

stealerrevengerat

behavioral1

behavioral2

spywarestealervmprotect

© 2018-2024

Terms | Privacy