revengerat | fb7392139a115fcf8e9f741d3187d5bdb682be4f7babc52e9fcd6bd6fc897c31 | Triage

Submit
Reports

Overview

overview

Static

static

FB7392139A...BC.exe

windows7-x64

FB7392139A...BC.exe

windows10-2004-x64

Sharing

General

Target

FB7392139A115FCF8E9F741D3187D5BDB682BE4F7BABC.exe
Size

21.6MB
Sample

230129-vp9c5seh27
MD5

6631fd90c648d10b65e4778010c7c2fb
SHA1

53d833a9b6238247ae63deb0bbaeb1264c3dbffc
SHA256

fb7392139a115fcf8e9f741d3187d5bdb682be4f7babc52e9fcd6bd6fc897c31
SHA512

f3765881e58ebbe6876c31600f6da115b9bfa2be1a5053a88e60e3a8e52cf38e2d629841a60e1e6ea7751aaef3f9e81ab38e8de3ff6ab473e748475cc3ab859e
SSDEEP

393216:tq5jjbBR1Ha+LAkVcPjvdgcKCqNSLIWURm/UHFo6FkhC:qBR1HDNOPJgcKCHhsHFDz

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

FB7392139A115FCF8E9F741D3187D5BDB682BE4F7BABC.exe

Resource

win7-20221111-en

revengerat persistence stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

FB7392139A115FCF8E9F741D3187D5BDB682BE4F7BABC.exe

Resource

win10v2004-20220812-en

revengerat persistence stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  FB7392139A115FCF8E9F741D3187D5BDB682BE4F7BABC.exe
- Size
  
  21.6MB
- MD5
  
  6631fd90c648d10b65e4778010c7c2fb
- SHA1
  
  53d833a9b6238247ae63deb0bbaeb1264c3dbffc
- SHA256
  
  fb7392139a115fcf8e9f741d3187d5bdb682be4f7babc52e9fcd6bd6fc897c31
- SHA512
  
  f3765881e58ebbe6876c31600f6da115b9bfa2be1a5053a88e60e3a8e52cf38e2d629841a60e1e6ea7751aaef3f9e81ab38e8de3ff6ab473e748475cc3ab859e
- SSDEEP
  
  393216:tq5jjbBR1Ha+LAkVcPjvdgcKCqNSLIWURm/UHFo6FkhC:qBR1HDNOPJgcKCHhsHFDz
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy