revengerat | a2639ef31af5e1015463f0663982ae4bd10271f1660cdec494cfb8848b2c87a0 | Triage

Submit
Reports

Overview

overview

Static

static

0x00090000...58.exe

windows7_x64

0x00090000...58.exe

windows10-2004_x64

Sharing

General

Target

0x0009000000012733-58.dat
Size

92KB
Sample

220612-3qv6xagba8
MD5

2b6dc42dc5c0b40bf131dc3eb4f7b4ba
SHA1

277a44b6fc468199180efdab5c4151e5b772e2b9
SHA256

a2639ef31af5e1015463f0663982ae4bd10271f1660cdec494cfb8848b2c87a0
SHA512

98f993806bafe8924fe58e92d4441376350117eeb3b17f9e74221cbe4410376592050a7d05e3b914ca39eef63583356df0213def1510d6bb233f77ee45c6a11d

Score

10^/10

revengerat guest persistence stealer trojan

Static task

static1

stealer guest revengerat

Behavioral task

behavioral1

Sample

0x0009000000012733-58.exe

Resource

win7-20220414-en

revengerat guest persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0x0009000000012733-58.exe

Resource

win10v2004-20220414-en

revengerat guest persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

blessed147.ddns.net:8089

Mutex

RV_MUTEX

Targets

- Target
  
  0x0009000000012733-58.dat
- Size
  
  92KB
- MD5
  
  2b6dc42dc5c0b40bf131dc3eb4f7b4ba
- SHA1
  
  277a44b6fc468199180efdab5c4151e5b772e2b9
- SHA256
  
  a2639ef31af5e1015463f0663982ae4bd10271f1660cdec494cfb8848b2c87a0
- SHA512
  
  98f993806bafe8924fe58e92d4441376350117eeb3b17f9e74221cbe4410376592050a7d05e3b914ca39eef63583356df0213def1510d6bb233f77ee45c6a11d
Score

10^/10

revengerat guest persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratguestpersistencestealertrojan

behavioral2

revengeratguestpersistencestealertrojan

© 2018-2024

Terms | Privacy