revengerat | ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914 | Triage

Sharing

General

Target

ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914
Size

474KB
Sample

220615-q8mk9shfem
MD5

29949b137d1cedcce284cd603b3c9a21
SHA1

004bd05389be80be22120457351a02212d93e69c
SHA256

ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914
SHA512

93f24a3d3b2cedbcb7dd492d1eaf2b22cd4ad3fabcab6ebcf2e82f5e0318f376d61a0b9578aa3a6bfa0d428e691d7b2f34e72a78964061c3f5b4ceb420143936

Score

10^/10

revengerat guest persistence trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

MTg1LjE2MS4yMDkuNDg=:Njc2Nw==

Mutex

Random

Targets

- Target
  
  ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914
- Size
  
  474KB
- MD5
  
  29949b137d1cedcce284cd603b3c9a21
- SHA1
  
  004bd05389be80be22120457351a02212d93e69c
- SHA256
  
  ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914
- SHA512
  
  93f24a3d3b2cedbcb7dd492d1eaf2b22cd4ad3fabcab6ebcf2e82f5e0318f376d61a0b9578aa3a6bfa0d428e691d7b2f34e72a78964061c3f5b4ceb420143936
Score

10^/10

revengerat guest persistence trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

revengeratguestpersistencetrojan