revengerat | 4322f3a9121766619306d7b91f2620880d40d038350f924391cc9f0fb38b1118 | Triage

Submit
Reports

Overview

overview

Static

static

4322f3a912...18.exe

windows7_x64

4322f3a912...18.exe

windows10-2004_x64

Sharing

General

Target

4322f3a9121766619306d7b91f2620880d40d038350f924391cc9f0fb38b1118
Size

819KB
Sample

220707-3v4nvahbfr
MD5

5b9dd49ffe63a9cc638f28383cacac8f
SHA1

6ea781eb54e023b9dc06599be6349cb7c7eb8a37
SHA256

4322f3a9121766619306d7b91f2620880d40d038350f924391cc9f0fb38b1118
SHA512

abdb1b0f3b18c8a85b5b3bd7dced382408cf0f37aa47dfc622546b793e17f5629f475666c399e0eafbc16c94368b1a727e6bdbaf104f00df2b9e04910662a36f

Score

10^/10

revengerat babayaga persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4322f3a9121766619306d7b91f2620880d40d038350f924391cc9f0fb38b1118.exe

Resource

win7-20220414-en

revengerat babayaga persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4322f3a9121766619306d7b91f2620880d40d038350f924391cc9f0fb38b1118.exe

Resource

win10v2004-20220414-en

revengerat babayaga persistence stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

revengerat

Botnet

BABAYAGA

C2

condor777.chickenkiller.com:1604

Mutex

EZlNApdygPhSv

Targets

- Target
  
  4322f3a9121766619306d7b91f2620880d40d038350f924391cc9f0fb38b1118
- Size
  
  819KB
- MD5
  
  5b9dd49ffe63a9cc638f28383cacac8f
- SHA1
  
  6ea781eb54e023b9dc06599be6349cb7c7eb8a37
- SHA256
  
  4322f3a9121766619306d7b91f2620880d40d038350f924391cc9f0fb38b1118
- SHA512
  
  abdb1b0f3b18c8a85b5b3bd7dced382408cf0f37aa47dfc622546b793e17f5629f475666c399e0eafbc16c94368b1a727e6bdbaf104f00df2b9e04910662a36f
Score

10^/10

revengerat babayaga persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratbabayagapersistencestealertrojan

behavioral2

revengeratbabayagapersistencestealertrojan

© 2018-2024

Terms | Privacy