revengerat | ecb0abf95e2873b7ac0f8bf8548e9dcc23e83d808c44594f65057d6ffa73e413 | Triage

Submit
Reports

Overview

overview

Static

static

ecb0abf95e...13.exe

windows7-x64

ecb0abf95e...13.exe

windows10-2004-x64

Sharing

General

Target

ecb0abf95e2873b7ac0f8bf8548e9dcc23e83d808c44594f65057d6ffa73e413
Size

67KB
Sample

221130-sq1raaed5t
MD5

8f5d2e6c2fa3d1e8e10060524ff1d085
SHA1

add5129da13dcfaf912dd81a908cd464509a38c7
SHA256

ecb0abf95e2873b7ac0f8bf8548e9dcc23e83d808c44594f65057d6ffa73e413
SHA512

2e8ece0ad58abc64bb9182843eaa5427f3303f33630823c43b3fd0bf3af096c0ebc81b746a2be410fd8ef7152dd1b903680536cfd77a5e21a774dc10b5c9abea
SSDEEP

768:MeGmGNASzgONow+FdYvIbj4TBA9wM+LzapzgGD23SrzY2h2TiZVFcrFK:xJoAirQ2cj4TBA9wM+H4kGD23SoKCo

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

stealer revengerat

2 signatures

Behavioral task

behavioral1

Sample

ecb0abf95e2873b7ac0f8bf8548e9dcc23e83d808c44594f65057d6ffa73e413.exe

Resource

win7-20220901-en

revengerat persistence stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ecb0abf95e2873b7ac0f8bf8548e9dcc23e83d808c44594f65057d6ffa73e413.exe

Resource

win10v2004-20220901-en

revengerat persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ecb0abf95e2873b7ac0f8bf8548e9dcc23e83d808c44594f65057d6ffa73e413
- Size
  
  67KB
- MD5
  
  8f5d2e6c2fa3d1e8e10060524ff1d085
- SHA1
  
  add5129da13dcfaf912dd81a908cd464509a38c7
- SHA256
  
  ecb0abf95e2873b7ac0f8bf8548e9dcc23e83d808c44594f65057d6ffa73e413
- SHA512
  
  2e8ece0ad58abc64bb9182843eaa5427f3303f33630823c43b3fd0bf3af096c0ebc81b746a2be410fd8ef7152dd1b903680536cfd77a5e21a774dc10b5c9abea
- SSDEEP
  
  768:MeGmGNASzgONow+FdYvIbj4TBA9wM+LzapzgGD23SrzY2h2TiZVFcrFK:xJoAirQ2cj4TBA9wM+H4kGD23SoKCo
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy