revengerat | e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3 | Triage

Submit
Reports

Overview

overview

Static

static

e8da998545...e3.exe

windows7_x64

e8da998545...e3.exe

windows10-2004_x64

Sharing

General

Target

e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3
Size

56KB
Sample

220516-clc7eshhg4
MD5

82c482f8af3d699aeb51034dc506cd1c
SHA1

1c65ce6be62627ee36db9c1b1d912297e6f99abe
SHA256

e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3
SHA512

6f55468830a5fa9fdf30d12300e3fe71ce9ff48f3ebc1d261d2ef50579b0b1aef4b3aff3cf7b337cf92b9b18bc1fe0de9cc9166fa40f5136dfb7151e0fe62899

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

stealer revengerat

Behavioral task

behavioral1

Sample

e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3.exe

Resource

win7-20220414-en

revengerat persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3.exe

Resource

win10v2004-20220414-en

revengerat persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3
- Size
  
  56KB
- MD5
  
  82c482f8af3d699aeb51034dc506cd1c
- SHA1
  
  1c65ce6be62627ee36db9c1b1d912297e6f99abe
- SHA256
  
  e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3
- SHA512
  
  6f55468830a5fa9fdf30d12300e3fe71ce9ff48f3ebc1d261d2ef50579b0b1aef4b3aff3cf7b337cf92b9b18bc1fe0de9cc9166fa40f5136dfb7151e0fe62899
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy