revengerat | 10a28503ba499d3291c1efaef2d80b9b592080985145620a385ae81da445e834 | Triage

Submit
Reports

Overview

overview

Static

static

10a28503ba...34.exe

windows7_x64

10a28503ba...34.exe

windows10-2004_x64

Sharing

General

Target

10a28503ba499d3291c1efaef2d80b9b592080985145620a385ae81da445e834
Size

109KB
Sample

220604-nwbbcsdhf4
MD5

efc82597070103fb87f32c43869a90a3
SHA1

ac3dc577cc7a105cf6db8c43bf3c8e109080ea90
SHA256

10a28503ba499d3291c1efaef2d80b9b592080985145620a385ae81da445e834
SHA512

3f48b30cb0c14d572bad8ef8f2f00c9b2ddcf4f27dcc24c6a3966c1ce8fdc6ab95dceecf4584ae0784fe1d609d7b652c6977abdc81b59f0996df72d98f1f5303

Score

10^/10

revengerat guest persistence stealer trojan

Static task

static1

stealer guest revengerat

Behavioral task

behavioral1

Sample

10a28503ba499d3291c1efaef2d80b9b592080985145620a385ae81da445e834.exe

Resource

win7-20220414-en

revengerat guest stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

10a28503ba499d3291c1efaef2d80b9b592080985145620a385ae81da445e834.exe

Resource

win10v2004-20220414-en

revengerat guest persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

gyhjgyj.myq-see.com:333

Mutex

RV_MUTEX-AgZblRvZwfRtN

Targets

- Target
  
  10a28503ba499d3291c1efaef2d80b9b592080985145620a385ae81da445e834
- Size
  
  109KB
- MD5
  
  efc82597070103fb87f32c43869a90a3
- SHA1
  
  ac3dc577cc7a105cf6db8c43bf3c8e109080ea90
- SHA256
  
  10a28503ba499d3291c1efaef2d80b9b592080985145620a385ae81da445e834
- SHA512
  
  3f48b30cb0c14d572bad8ef8f2f00c9b2ddcf4f27dcc24c6a3966c1ce8fdc6ab95dceecf4584ae0784fe1d609d7b652c6977abdc81b59f0996df72d98f1f5303
Score

10^/10

revengerat guest stealer trojan persistence
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratgueststealertrojan

behavioral2

revengeratguestpersistencestealertrojan

© 2018-2024

Terms | Privacy