revengerat | 24056de7e83c92ee0e5b326a15ba25cc959a222d48b81eac6a9dae1783318f1d | Triage

Analysis

max time kernel
4294219s
max time network
135s
platform
windows7_x64
resource
win7-20220311-en
submitted
20-03-2022 00:17

Sharing

Report Analysis Logs

General

Target

24056de7e83c92ee0e5b326a15ba25cc959a222d48b81eac6a9dae1783318f1d.exe
Size

81KB
MD5

1b0fd1b3b90c1dc0dc2ad39915308201
SHA1

4fbfe7d597ffe743f378eae38c1109121e097e5f
SHA256

24056de7e83c92ee0e5b326a15ba25cc959a222d48b81eac6a9dae1783318f1d
SHA512

b57cdcb74cf0a61c6fbb59551001e4202ce2cc170bb78dfcaa53f9c41846c695855bd21937fb91ae326fb8a6d0579b0973c02446cb614f9dc2fee89bea9eb829

Score

10^/10

revengerat stealer trojan

Malware Config

Extracted

Family

revengerat

Mutex

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat

RevengeRat Executable 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1996-56-0x0000000000490000-0x0000000000498000-memory.dmp	revengerat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

24056de7e83c92ee0e5b326a15ba25cc959a222d48b81eac6a9dae1783318f1d.exe

description pid process

Token: SeDebugPrivilege 1996 24056de7e83c92ee0e5b326a15ba25cc959a222d48b81eac6a9dae1783318f1d.exe

C:\Users\Admin\AppData\Local\Temp\24056de7e83c92ee0e5b326a15ba25cc959a222d48b81eac6a9dae1783318f1d.exe
"C:\Users\Admin\AppData\Local\Temp\24056de7e83c92ee0e5b326a15ba25cc959a222d48b81eac6a9dae1783318f1d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-54-0x00000000001B0000-0x00000000001CA000-memory.dmp

Filesize
104KB

Download
memory/1996-55-0x00000000740C0000-0x00000000747AE000-memory.dmp

Filesize
6.9MB

Download
memory/1996-56-0x0000000000490000-0x0000000000498000-memory.dmp

Filesize
32KB

Download
memory/1996-57-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

Filesize
4KB

Download