revengerat

General

Target

ba5821b52acfddb0094f6746a88a99b3fd5152cbec21d05bac8611a0921052f7
Size

8.0MB
Sample

220316-zc89tsgbh4
MD5

45df7cac0ed5b81ab9ce28a44a60a132
SHA1

e879b5ffd2d9f79be12472395130a0b67c12e13e
SHA256

ba5821b52acfddb0094f6746a88a99b3fd5152cbec21d05bac8611a0921052f7
SHA512

6456c1d821031c3e090f1a6c807da61b639306ef64c6d0b233cc5770ea4a0280ebca19c9f3dbaf4b74f717a6237a2b744cfab851075ad9e5cb168fda01428086

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://www.minpic.de/k/b7d6/44dea/

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://www.minpic.de/k/b7d4/1jepll/

Extracted

Family

revengerat

Botnet

Guest

C2

185.25.50.196:64537

Mutex

RV_MUTEX-pnFwUnoWrUUgHRH

Targets

- Target
  
  ba5821b52acfddb0094f6746a88a99b3fd5152cbec21d05bac8611a0921052f7
- Size
  
  8.0MB
- MD5
  
  45df7cac0ed5b81ab9ce28a44a60a132
- SHA1
  
  e879b5ffd2d9f79be12472395130a0b67c12e13e
- SHA256
  
  ba5821b52acfddb0094f6746a88a99b3fd5152cbec21d05bac8611a0921052f7
- SHA512
  
  6456c1d821031c3e090f1a6c807da61b639306ef64c6d0b233cc5770ea4a0280ebca19c9f3dbaf4b74f717a6237a2b744cfab851075ad9e5cb168fda01428086
Score

10^/10

revengerat guest stealer trojan upx
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

RevengeRat Executable

Blocklisted process makes network request

Executes dropped EXE

UPX packed file

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2