revengerat | 83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111 | Triage

Submit
Reports

Overview

overview

Static

static

83a144d39d...11.exe

windows7_x64

83a144d39d...11.exe

windows10-2004_x64

Sharing

General

Target

83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111
Size

6.5MB
Sample

220501-3d24paahgm
MD5

78ecf15f03e417d8ed95537e51e51ffa
SHA1

c4f92a3f1ae4f520e67fe4f049fbf847c0a1f76f
SHA256

83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111
SHA512

c08096c2a9e10bfa8d1ae22b8226ed3551b0e1663d679309c9c859ac5add87928612e98b97f91cd020756cfe7d56e62892ba33d33c27763d57625e453b94e29b

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

stealer revengerat

Behavioral task

behavioral1

Sample

83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111.exe

Resource

win7-20220414-en

revengerat persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111.exe

Resource

win10v2004-20220414-en

revengerat persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111
- Size
  
  6.5MB
- MD5
  
  78ecf15f03e417d8ed95537e51e51ffa
- SHA1
  
  c4f92a3f1ae4f520e67fe4f049fbf847c0a1f76f
- SHA256
  
  83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111
- SHA512
  
  c08096c2a9e10bfa8d1ae22b8226ed3551b0e1663d679309c9c859ac5add87928612e98b97f91cd020756cfe7d56e62892ba33d33c27763d57625e453b94e29b
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy