revengerat | 5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf | Triage

Submit
Reports

Overview

overview

Static

static

5f59284e27...af.exe

windows7_x64

5f59284e27...af.exe

windows10-2004_x64

Sharing

General

Target

5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf
Size

110KB
Sample

220520-enpz4shbd3
MD5

e8803432a8c66bd6dccfdcc66135c5c6
SHA1

f278f4874a7d85234351f48c49ce49a147d7d064
SHA256

5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf
SHA512

3231777d1922a81e5c47f1db846ac8ceef3698bd4e61ca1d68aada3f97c82a0043dd9d51a95f7b68fbe303554ecefa5beb3314d44da0527807a9ccc12ffe6edd

Score

10^/10

revengerat dllhost.exe stealer trojan

Static task

static1

stealer dllhost.exe revengerat

Behavioral task

behavioral1

Sample

5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf.exe

Resource

win7-20220414-en

revengerat dllhost.exe stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf.exe

Resource

win10v2004-20220414-en

revengerat stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

dllhost.exe

C2

ki0t9ol5puytgrfe.ddns.net:3332

ki0t9ol5puytgrfe.ddns.net:15745

0.tcp.ngrok.io:3332

0.tcp.ngrok.io:15745

Mutex

RV_MUTEX-lawrHJfWfhaRC

Targets

- Target
  
  5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf
- Size
  
  110KB
- MD5
  
  e8803432a8c66bd6dccfdcc66135c5c6
- SHA1
  
  f278f4874a7d85234351f48c49ce49a147d7d064
- SHA256
  
  5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf
- SHA512
  
  3231777d1922a81e5c47f1db846ac8ceef3698bd4e61ca1d68aada3f97c82a0043dd9d51a95f7b68fbe303554ecefa5beb3314d44da0527807a9ccc12ffe6edd
Score

10^/10

revengerat dllhost.exe stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealerdllhost.exerevengerat

behavioral1

revengeratdllhost.exestealertrojan

behavioral2

revengeratstealertrojan

© 2018-2024

Terms | Privacy