revengerat | 39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08 | Triage

Submit
Reports

Overview

overview

Static

static

39ca0763bd...08.exe

windows7_x64

39ca0763bd...08.exe

windows10-2004_x64

Sharing

General

Target

39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08
Size

18KB
Sample

220625-ka6zcsfbg7
MD5

1a506f45ee5eb2764fdf980f0fbaf7ca
SHA1

6dd081bb7b55540bcf9896c6cfbf037d73f03f4a
SHA256

39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08
SHA512

ed99e3c1c64942af342da0e400463fae33c17496c4fe8ce9d33d26546eb221066b556df24b38d6659d49910d2c28fcde1fc67f7cd8c38266ab00148c85eeda7c

Score

10^/10

revengerat anoy persistence stealer trojan

Static task

static1

stealer anoy revengerat

Behavioral task

behavioral1

Sample

39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08.exe

Resource

win7-20220414-en

revengerat anoy persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08.exe

Resource

win10v2004-20220414-en

revengerat anoy persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Anoy

C2

anoy.zapto.org:1155

Mutex

RV_MUTEX-rClgZblRvZwfR

Targets

- Target
  
  39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08
- Size
  
  18KB
- MD5
  
  1a506f45ee5eb2764fdf980f0fbaf7ca
- SHA1
  
  6dd081bb7b55540bcf9896c6cfbf037d73f03f4a
- SHA256
  
  39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08
- SHA512
  
  ed99e3c1c64942af342da0e400463fae33c17496c4fe8ce9d33d26546eb221066b556df24b38d6659d49910d2c28fcde1fc67f7cd8c38266ab00148c85eeda7c
Score

10^/10

revengerat anoy persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealeranoyrevengerat

behavioral1

revengeratanoypersistencestealertrojan

behavioral2

revengeratanoypersistencestealertrojan

© 2018-2024

Terms | Privacy