revengerat | 3ef00155baeabbeb0ef1c43d331acc59cf051bfe03257679afe23555743ec898 | Triage

Submit
Reports

Overview

overview

Static

static

3ef00155ba...98.exe

windows7_x64

3ef00155ba...98.exe

windows10-2004_x64

Sharing

General

Target

3ef00155baeabbeb0ef1c43d331acc59cf051bfe03257679afe23555743ec898
Size

3.4MB
Sample

220311-etfcvsgaa9
MD5

a0831b1b18e7f3fc23ab72b2d4ee8bff
SHA1

bf53a73c0b14425c4c2df960613c22a5bdd5a172
SHA256

3ef00155baeabbeb0ef1c43d331acc59cf051bfe03257679afe23555743ec898
SHA512

78db962ba5bdfc66a11df57190e56fc6c006d1048467537b96a1d1f54b6335258910cbacc1ca5de3532130bbcf80816fa0ef6fab07bf056c25b3c38535342f8c

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3ef00155baeabbeb0ef1c43d331acc59cf051bfe03257679afe23555743ec898.exe

Resource

win7-20220310-en

revengerat persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3ef00155baeabbeb0ef1c43d331acc59cf051bfe03257679afe23555743ec898.exe

Resource

win10v2004-en-20220113

revengerat persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3ef00155baeabbeb0ef1c43d331acc59cf051bfe03257679afe23555743ec898
- Size
  
  3.4MB
- MD5
  
  a0831b1b18e7f3fc23ab72b2d4ee8bff
- SHA1
  
  bf53a73c0b14425c4c2df960613c22a5bdd5a172
- SHA256
  
  3ef00155baeabbeb0ef1c43d331acc59cf051bfe03257679afe23555743ec898
- SHA512
  
  78db962ba5bdfc66a11df57190e56fc6c006d1048467537b96a1d1f54b6335258910cbacc1ca5de3532130bbcf80816fa0ef6fab07bf056c25b3c38535342f8c
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy