revengerat | 6f0108291363fe6af24a32c77e502e5241369d35bb33b828c899b31824823eef | Triage

Sharing

General

Target

6f0108291363fe6af24a32c77e502e5241369d35bb33b828c899b31824823eef
Size

82KB
Sample

220524-babnsaebhl
MD5

6e6667b71a86780268828232d4363f63
SHA1

e6f6cb0f70c628c797d2e79717cc331c8f5d3f76
SHA256

6f0108291363fe6af24a32c77e502e5241369d35bb33b828c899b31824823eef
SHA512

6400e6e56d5b163050f96d96cb82ad53960efb518760b7c99e7b62886a45d40f1aa914bd872a83fbdc9d0049bcb4ef084ff9027d6affb2cd1363382c6e193395

Score

10^/10

revengerat fram 3 fabio stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

FRAM 3 FABIO

C2

rua7.ddns.net:1000

Mutex

RV_MUTEX-RRHXJvbCGPPiC

Targets

- Target
  
  6f0108291363fe6af24a32c77e502e5241369d35bb33b828c899b31824823eef
- Size
  
  82KB
- MD5
  
  6e6667b71a86780268828232d4363f63
- SHA1
  
  e6f6cb0f70c628c797d2e79717cc331c8f5d3f76
- SHA256
  
  6f0108291363fe6af24a32c77e502e5241369d35bb33b828c899b31824823eef
- SHA512
  
  6400e6e56d5b163050f96d96cb82ad53960efb518760b7c99e7b62886a45d40f1aa914bd872a83fbdc9d0049bcb4ef084ff9027d6affb2cd1363382c6e193395
Score

10^/10

revengerat fram 3 fabio stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratfram 3 fabiostealertrojan

behavioral2