revengerat | 94d9cfda3e2a60aea012b0948c9f9eaf55d1f7d90fb1bc9e9c094a3a064669ad | Triage

Sharing

General

Target

94d9cfda3e2a60aea012b0948c9f9eaf55d1f7d90fb1bc9e9c094a3a064669ad
Size

99KB
Sample

220625-lda7jaefej
MD5

5391a62d2df63872a0cb74a6df44f832
SHA1

46f3c7bae6f4f3b71d79692585d154ddda84d1bb
SHA256

94d9cfda3e2a60aea012b0948c9f9eaf55d1f7d90fb1bc9e9c094a3a064669ad
SHA512

e2d2ae51a74ba02f61e2372569ddb31a70cd433f4e79ee390033d1e59ffe17fbd2f10803502297aebbdef039a2b039a17c1218c721f6e14476d1f59284d57617

Score

10^/10

revengerat poweershel stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

poweershel

C2

40999up.sytes.net:1515

acecervolta.duckdns.org:1515

Mutex

RV_MUTEX-xgZblRvZwfRt

Targets

- Target
  
  94d9cfda3e2a60aea012b0948c9f9eaf55d1f7d90fb1bc9e9c094a3a064669ad
- Size
  
  99KB
- MD5
  
  5391a62d2df63872a0cb74a6df44f832
- SHA1
  
  46f3c7bae6f4f3b71d79692585d154ddda84d1bb
- SHA256
  
  94d9cfda3e2a60aea012b0948c9f9eaf55d1f7d90fb1bc9e9c094a3a064669ad
- SHA512
  
  e2d2ae51a74ba02f61e2372569ddb31a70cd433f4e79ee390033d1e59ffe17fbd2f10803502297aebbdef039a2b039a17c1218c721f6e14476d1f59284d57617
Score

10^/10

revengerat poweershel stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratpoweershelstealertrojan

behavioral2