revengerat | 51fc1cf2dbaed0c5ff69592c4cd4a6f1d64aedebb981ead20713dfc940e86ce5 | Triage

Submit
Reports

Overview

overview

Static

static

Client‮4PM..exe

windows10-2004-x64

Sharing

General

Target

Client‮4PM..exe
Size

110KB
Sample

230201-1ewbesec9z
MD5

daff18d429d8e204c64744a3a88ba2ba
SHA1

1114cad32e4cd92fde15074d9dc99d8566d79b6c
SHA256

51fc1cf2dbaed0c5ff69592c4cd4a6f1d64aedebb981ead20713dfc940e86ce5
SHA512

848f40484c50c2eaa7d02419aa0b7d10f8689724ad1053f72fccf1d30c2e574e6298e4c715091b5fdb4b5510461eb595acb1a6137edb641dbd2b7ef8a6a3c9e0
SSDEEP

1536:BaSUrc/jYJ4c6hFJQn5pNS9jO8jc2jadmn+3iDBq+KD3tSYCz9+:gSUejMaFGn/ejO8jcqadKDG9SYy9+

Score

10^/10

revengerat guest persistence stealer trojan

Static task

static1

stealer guest revengerat

2 signatures

Behavioral task

behavioral1

Sample

Client‮4PM..exe

Resource

win10v2004-20220812-en

revengerat guest persistence stealer trojan

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

applications-tri.at.ply.gg:28896

Mutex

Updater

Targets

- Target
  
  Client‮4PM..exe
- Size
  
  110KB
- MD5
  
  daff18d429d8e204c64744a3a88ba2ba
- SHA1
  
  1114cad32e4cd92fde15074d9dc99d8566d79b6c
- SHA256
  
  51fc1cf2dbaed0c5ff69592c4cd4a6f1d64aedebb981ead20713dfc940e86ce5
- SHA512
  
  848f40484c50c2eaa7d02419aa0b7d10f8689724ad1053f72fccf1d30c2e574e6298e4c715091b5fdb4b5510461eb595acb1a6137edb641dbd2b7ef8a6a3c9e0
- SSDEEP
  
  1536:BaSUrc/jYJ4c6hFJQn5pNS9jO8jc2jadmn+3iDBq+KD3tSYCz9+:gSUejMaFGn/ejO8jcqadKDG9SYy9+
Score

10^/10

revengerat guest persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Drops startup file
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratguestpersistencestealertrojan

© 2018-2024

Terms | Privacy