revengerat | e80c263898c20c3312264ecb17dc37e3752562233f99c55bddd7fe2fc1cecbbf | Triage

Sharing

General

Target

e80c263898c20c3312264ecb17dc37e3752562233f99c55bddd7fe2fc1cecbbf
Size

81KB
Sample

220625-lgcjrseggm
MD5

f44f71fbbb725def604dc7681163d7c3
SHA1

a270d1637bb509f72de959461286421ace9cc7e7
SHA256

e80c263898c20c3312264ecb17dc37e3752562233f99c55bddd7fe2fc1cecbbf
SHA512

4c366b0162f3949e5c62c744d4fd62d43dc8e07f9177c2bd25484ea9e43d714ddf46ff5af5192d7dacad04fd826d59a55ed2871dd318b307333abfcaa0edfd36

Score

10^/10

revengerat paulinhaaa stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

PAULINHAAA

C2

4099.ddns.net:1515

popup.duckdns.org:1515

Mutex

RV_MUTEX-NNHuiGGjjtnxD

Targets

- Target
  
  e80c263898c20c3312264ecb17dc37e3752562233f99c55bddd7fe2fc1cecbbf
- Size
  
  81KB
- MD5
  
  f44f71fbbb725def604dc7681163d7c3
- SHA1
  
  a270d1637bb509f72de959461286421ace9cc7e7
- SHA256
  
  e80c263898c20c3312264ecb17dc37e3752562233f99c55bddd7fe2fc1cecbbf
- SHA512
  
  4c366b0162f3949e5c62c744d4fd62d43dc8e07f9177c2bd25484ea9e43d714ddf46ff5af5192d7dacad04fd826d59a55ed2871dd318b307333abfcaa0edfd36
Score

10^/10

revengerat paulinhaaa stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratpaulinhaaastealertrojan

behavioral2