revengerat | 9b010a715df630f7ef61d944b3aef0c412f6f90604e61776b7403ec8ab9a8b45 | Triage

Analysis

max time kernel
150s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-04-2022 02:32

Sharing

Report Analysis Logs

General

Target

9b010a715df630f7ef61d944b3aef0c412f6f90604e61776b7403ec8ab9a8b45.exe
Size

58KB
MD5

64c8cebab58b85ad9a395b2e435c9f3f
SHA1

f11370500d686cf69a34e2848428a8ec0f24d69d
SHA256

9b010a715df630f7ef61d944b3aef0c412f6f90604e61776b7403ec8ab9a8b45
SHA512

360d41015dce521705efb1514ae28e6402dda2b3ec1125942ce46bcc638304ced77a23c3ec8777bf84511d47c47c76a40d98a5cdda6525c872711b0f36fd59b3

Score

10^/10

revengerat stealer trojan

Malware Config

Extracted

Family

revengerat

Mutex

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat

RevengeRat Executable 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1980-56-0x00000000002F0000-0x00000000002F8000-memory.dmp	revengerat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

9b010a715df630f7ef61d944b3aef0c412f6f90604e61776b7403ec8ab9a8b45.exe

description pid process

Token: SeDebugPrivilege 1980 9b010a715df630f7ef61d944b3aef0c412f6f90604e61776b7403ec8ab9a8b45.exe

C:\Users\Admin\AppData\Local\Temp\9b010a715df630f7ef61d944b3aef0c412f6f90604e61776b7403ec8ab9a8b45.exe
"C:\Users\Admin\AppData\Local\Temp\9b010a715df630f7ef61d944b3aef0c412f6f90604e61776b7403ec8ab9a8b45.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-54-0x0000000000350000-0x0000000000364000-memory.dmp

Filesize
80KB

Download
memory/1980-55-0x00000000768D1000-0x00000000768D3000-memory.dmp

Filesize
8KB

Download
memory/1980-56-0x00000000002F0000-0x00000000002F8000-memory.dmp

Filesize
32KB

Download