revengerat | 40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c | Triage

Sharing

General

Target

40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c
Size

26KB
Sample

220503-yxdg8aecbp
MD5

6aa840d90f457f13082c87f64d952a41
SHA1

10387f6dd42bf4fc9309f826aed9d4e169fb2c08
SHA256

40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c
SHA512

6788e8d3bb92fe044b235f7b856303b9cd13a50d64d493eeac99aef5fa3515c8499f4d7de4da3c8bd32472deefe15da28043717d0bb715af9c24dafc8ad58f9b

Score

10^/10

revengerat guest stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

mrhackeer.ddns.net:1177

Mutex

RV_MUTEX-UYBxGgZHxuuVY

Targets

- Target
  
  40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c
- Size
  
  26KB
- MD5
  
  6aa840d90f457f13082c87f64d952a41
- SHA1
  
  10387f6dd42bf4fc9309f826aed9d4e169fb2c08
- SHA256
  
  40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c
- SHA512
  
  6788e8d3bb92fe044b235f7b856303b9cd13a50d64d493eeac99aef5fa3515c8499f4d7de4da3c8bd32472deefe15da28043717d0bb715af9c24dafc8ad58f9b
Score

10^/10

revengerat guest stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratgueststealertrojan

behavioral2