revengerat | 375b0b46734021995ef5f6c9c8c6f2dfd7fbf84064846c551bb8cd804d18100d | Triage

Submit
Reports

Overview

overview

Static

static

375b0b4673...0d.exe

windows7_x64

375b0b4673...0d.exe

windows10-2004_x64

Sharing

General

Target

375b0b46734021995ef5f6c9c8c6f2dfd7fbf84064846c551bb8cd804d18100d
Size

804KB
Sample

220508-2fgebshdc7
MD5

bfaaa88505cadf67b0b1f2ba2b4e1866
SHA1

9d8576b01fde92ffc7a2ec187ed5ebd0d69275f9
SHA256

375b0b46734021995ef5f6c9c8c6f2dfd7fbf84064846c551bb8cd804d18100d
SHA512

495c644934b446a706f04bdc4b7078d4b71f44a86e1d19595bea405dcaddaecd0d88709df4ede61177dcee072da91d728a12d8ebe66e5de30918791a69a2aa88

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

375b0b46734021995ef5f6c9c8c6f2dfd7fbf84064846c551bb8cd804d18100d.exe

Resource

win7-20220414-en

revengerat persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

375b0b46734021995ef5f6c9c8c6f2dfd7fbf84064846c551bb8cd804d18100d.exe

Resource

win10v2004-20220414-en

revengerat persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  375b0b46734021995ef5f6c9c8c6f2dfd7fbf84064846c551bb8cd804d18100d
- Size
  
  804KB
- MD5
  
  bfaaa88505cadf67b0b1f2ba2b4e1866
- SHA1
  
  9d8576b01fde92ffc7a2ec187ed5ebd0d69275f9
- SHA256
  
  375b0b46734021995ef5f6c9c8c6f2dfd7fbf84064846c551bb8cd804d18100d
- SHA512
  
  495c644934b446a706f04bdc4b7078d4b71f44a86e1d19595bea405dcaddaecd0d88709df4ede61177dcee072da91d728a12d8ebe66e5de30918791a69a2aa88
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy