revengerat | 0ffc68fbcfbbe41a6953e4fec099c7082c8fa733273dadd0c197a600be6db5e8 | Triage

Sharing

General

Target

0ffc68fbcfbbe41a6953e4fec099c7082c8fa733273dadd0c197a600be6db5e8
Size

125KB
Sample

220329-xfrg3sdhfp
MD5

1672081c9a9a80b4f2f31e311958fa2c
SHA1

def154edfe4cb8465677ed3fd9fffe506a307caf
SHA256

0ffc68fbcfbbe41a6953e4fec099c7082c8fa733273dadd0c197a600be6db5e8
SHA512

ca292e87ec1b297e0e9bf5f8f270e67a13e20b78c0784fc80da421ba039a89104fe7792bc771acd024f48381979688febeffe65cfbbd1e19b52df768b04a50ca

Score

10^/10

revengerat dec stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

dec

C2

technovez.duckdns.org:6904

Mutex

RV_MUTEX-bCGPPiCCaKuSAtY

Targets

- Target
  
  0ffc68fbcfbbe41a6953e4fec099c7082c8fa733273dadd0c197a600be6db5e8
- Size
  
  125KB
- MD5
  
  1672081c9a9a80b4f2f31e311958fa2c
- SHA1
  
  def154edfe4cb8465677ed3fd9fffe506a307caf
- SHA256
  
  0ffc68fbcfbbe41a6953e4fec099c7082c8fa733273dadd0c197a600be6db5e8
- SHA512
  
  ca292e87ec1b297e0e9bf5f8f270e67a13e20b78c0784fc80da421ba039a89104fe7792bc771acd024f48381979688febeffe65cfbbd1e19b52df768b04a50ca
Score

10^/10

revengerat dec stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratdecstealertrojan

behavioral2