revengerat | e2b4fb5fd4705700ffa3423a9384039f03967d60c6eac79cc9b9171401ea19ce | Triage

Submit
Reports

Overview

overview

Static

static

0x000a0000...58.exe

windows7_x64

0x000a0000...58.exe

windows10-2004_x64

Sharing

General

Target

0x000a0000000122da-58.dat
Size

86KB
Sample

220612-rm76hseggn
MD5

117fa52c8400ad57e1a32503e7138abc
SHA1

e6cfae7554a85bf343089ba627688ff122188a9e
SHA256

e2b4fb5fd4705700ffa3423a9384039f03967d60c6eac79cc9b9171401ea19ce
SHA512

e615ad092197caca9e6b60d9599b1dc6b66554d9030237bfb109ffc2fbd851efbc623037fe0c9d776cbac9ae8ef232e84b3432df7bed653f343269cac8a17f23

Score

10^/10

revengerat guest stealer trojan

Static task

static1

stealer guest revengerat

Behavioral task

behavioral1

Sample

0x000a0000000122da-58.exe

Resource

win7-20220414-en

revengerat guest stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0x000a0000000122da-58.exe

Resource

win10v2004-20220414-en

revengerat guest stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

blessed147.ddns.net:8089

Mutex

RV_MUTEX

Targets

- Target
  
  0x000a0000000122da-58.dat
- Size
  
  86KB
- MD5
  
  117fa52c8400ad57e1a32503e7138abc
- SHA1
  
  e6cfae7554a85bf343089ba627688ff122188a9e
- SHA256
  
  e2b4fb5fd4705700ffa3423a9384039f03967d60c6eac79cc9b9171401ea19ce
- SHA512
  
  e615ad092197caca9e6b60d9599b1dc6b66554d9030237bfb109ffc2fbd851efbc623037fe0c9d776cbac9ae8ef232e84b3432df7bed653f343269cac8a17f23
Score

10^/10

revengerat guest stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratgueststealertrojan

behavioral2

revengeratgueststealertrojan

© 2018-2024

Terms | Privacy