revengerat | 3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769 | Triage

Submit
Reports

Overview

overview

Static

static

3ee2a25d9a...69.exe

windows7_x64

3ee2a25d9a...69.exe

windows10-2004_x64

Sharing

General

Target

3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769
Size

193KB
Sample

220701-e5dneacbcm
MD5

b6c3692bfbd98dcc39a6347fa9f4fb69
SHA1

23c2cf93874bb36b5daa25f3bef46b8d93bfa046
SHA256

3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769
SHA512

0c2ca210ad2b90219227629b6e0009c920b96124cc9d5c00379dd97dadca24abccd45503c177cc5a400ca7f27ce255943cf72f01810576e862d02881cc8b33a7

Score

10^/10

revengerat bobo2019 stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769.exe

Resource

win7-20220414-en

revengerat bobo2019 stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769.exe

Resource

win10v2004-20220414-en

revengerat bobo2019 stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

bobo2019

C2

hushbob123.hopto.org:4951

hushbob12301.hopto.org:4951

hushbob12302.hopto.org:4951

hushbob12303.hopto.org:4951

Mutex

RV_MUTEX-XyMpzZJHOwDt

Targets

- Target
  
  3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769
- Size
  
  193KB
- MD5
  
  b6c3692bfbd98dcc39a6347fa9f4fb69
- SHA1
  
  23c2cf93874bb36b5daa25f3bef46b8d93bfa046
- SHA256
  
  3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769
- SHA512
  
  0c2ca210ad2b90219227629b6e0009c920b96124cc9d5c00379dd97dadca24abccd45503c177cc5a400ca7f27ce255943cf72f01810576e862d02881cc8b33a7
Score

10^/10

revengerat bobo2019 stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratbobo2019stealertrojan

behavioral2

revengeratbobo2019stealertrojan

© 2018-2024

Terms | Privacy