revengerat | d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea | Triage

Submit
Reports

Overview

overview

Static

static

d94c2a5ea6...ea.exe

windows7_x64

d94c2a5ea6...ea.exe

windows10-2004_x64

Sharing

General

Target

d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
Size

17KB
Sample

220523-3z7ajadegm
MD5

759e1216fa75f7fca3bc7c84094ca531
SHA1

399e938b13613873c3f50759ce9386a38968ca3f
SHA256

d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
SHA512

7bb0bbe4033b966978c4a621822b40184e0a63748151cdfe50fb7d659c74dedae8c9e8fd142e1aaf495c23556683173b70ba65e4af14ebac44c6fa787fa66917

Score

10^/10

revengerat 2sp force dz persistence stealer trojan

Static task

static1

stealer 2sp force dz revengerat

Behavioral task

behavioral1

Sample

d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea.exe

Resource

win7-20220414-en

revengerat 2sp force dz persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea.exe

Resource

win10v2004-20220414-en

revengerat 2sp force dz persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

2SP Force DZ

C2

imaneblueyesvpn.ddns.net:333

Mutex

RV_MUTEX-jpnFwUnoWrUUg

Targets

- Target
  
  d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
- Size
  
  17KB
- MD5
  
  759e1216fa75f7fca3bc7c84094ca531
- SHA1
  
  399e938b13613873c3f50759ce9386a38968ca3f
- SHA256
  
  d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
- SHA512
  
  7bb0bbe4033b966978c4a621822b40184e0a63748151cdfe50fb7d659c74dedae8c9e8fd142e1aaf495c23556683173b70ba65e4af14ebac44c6fa787fa66917
Score

10^/10

revengerat 2sp force dz persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealer2sp force dzrevengerat

behavioral1

revengerat2sp force dzpersistencestealertrojan

behavioral2

revengerat2sp force dzpersistencestealertrojan

© 2018-2024

Terms | Privacy