revengerat | 5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655 | Triage

Submit
Reports

Overview

overview

Static

static

5211a46ac1...55.exe

windows7_x64

5211a46ac1...55.exe

windows10-2004_x64

Sharing

General

Target

5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655
Size

54KB
Sample

220415-bb1djaaec9
MD5

3bcbc6677190cc3222409e1ebc17fd94
SHA1

d214dfe5cc5aa2ac3400d9ae2c77ae0186f0e60e
SHA256

5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655
SHA512

13b609b13dadc6a423313ed958041534d4cb6ca28fb3011ed76cdd006835cecbaac55c7af048b361400b90a157182d5914d1fc0f4c39a526f21c2e0bea3b5974

Score

10^/10

revengerat dp persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655.exe

Resource

win7-20220414-en

revengerat dp persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655.exe

Resource

win10v2004-20220414-en

revengerat dp persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

DP

C2

akkaibalol-31403.portmap.host:31403

Mutex

RV_MUTEX-flgZblRvZwfRtN

Targets

- Target
  
  5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655
- Size
  
  54KB
- MD5
  
  3bcbc6677190cc3222409e1ebc17fd94
- SHA1
  
  d214dfe5cc5aa2ac3400d9ae2c77ae0186f0e60e
- SHA256
  
  5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655
- SHA512
  
  13b609b13dadc6a423313ed958041534d4cb6ca28fb3011ed76cdd006835cecbaac55c7af048b361400b90a157182d5914d1fc0f4c39a526f21c2e0bea3b5974
Score

10^/10

revengerat dp persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratdppersistencestealertrojan

behavioral2

revengeratdppersistencestealertrojan

© 2018-2024

Terms | Privacy