revengerat | abfd0ec88952e18bc865d99fd4e46763fea6fa67bbff6547a23381512b4d3aa9 | Triage

Submit
Reports

Overview

overview

Static

static

abfd0ec889...a9.exe

windows7-x64

abfd0ec889...a9.exe

windows10-2004-x64

Sharing

General

Target

abfd0ec88952e18bc865d99fd4e46763fea6fa67bbff6547a23381512b4d3aa9.bin
Size

143KB
Sample

220719-sn5mfsehd7
MD5

834e298ddb53c9904fb041c8fd72bf71
SHA1

4393a2100d4948977946589db27e6c9dbe66786b
SHA256

abfd0ec88952e18bc865d99fd4e46763fea6fa67bbff6547a23381512b4d3aa9
SHA512

2ae3498cd6ea56263fc160a8df04dcf2c9bfe1c58e412fd5fab4566d6de17288cc8ba9387c184a1a9c4c9c245ce438ac311b10f0498e070dc0f2cd66863d03ec

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

stealer revengerat

2 signatures

Behavioral task

behavioral1

Sample

abfd0ec88952e18bc865d99fd4e46763fea6fa67bbff6547a23381512b4d3aa9.exe

Resource

win7-20220715-en

revengerat persistence stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

abfd0ec88952e18bc865d99fd4e46763fea6fa67bbff6547a23381512b4d3aa9.exe

Resource

win10v2004-20220718-en

revengerat persistence stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  abfd0ec88952e18bc865d99fd4e46763fea6fa67bbff6547a23381512b4d3aa9.bin
- Size
  
  143KB
- MD5
  
  834e298ddb53c9904fb041c8fd72bf71
- SHA1
  
  4393a2100d4948977946589db27e6c9dbe66786b
- SHA256
  
  abfd0ec88952e18bc865d99fd4e46763fea6fa67bbff6547a23381512b4d3aa9
- SHA512
  
  2ae3498cd6ea56263fc160a8df04dcf2c9bfe1c58e412fd5fab4566d6de17288cc8ba9387c184a1a9c4c9c245ce438ac311b10f0498e070dc0f2cd66863d03ec
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy