Overview

overview

10

Static

static

1

stealer30.exe

windows7-x64

10

stealer30.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    stealer30.bin

  • Size

    373KB

  • Sample

    230209-s7lzfsad32

  • MD5

    70d717a07a6df0db8fa222a5719c1ccd

  • SHA1

    71dd5d3f838e2f869cca3aaf186c60aeb05bd682

  • SHA256

    4acc7393b942c7c331ef0d08dc20000177adbe93f7a5202af14735b148c432f7

  • SHA512

    cd83260c5b5891815907fb8b18383d8428c7d77a5c8af0556aaa8036e7dc2026c1e268506df86385dc8a2cb7d776b700b638adbf79b4d393a331b6d6e85cb250

  • SSDEEP

    6144:wsNJZA19r/SpqYYn/70nFIyUveIh6i2AgVv0Io9J:b/i9T07YD0XF+n

Score
10/10
revengeratstealertrojan

Malware Config

Targets

    • Target

      stealer30.bin

    • Size

      373KB

    • MD5

      70d717a07a6df0db8fa222a5719c1ccd

    • SHA1

      71dd5d3f838e2f869cca3aaf186c60aeb05bd682

    • SHA256

      4acc7393b942c7c331ef0d08dc20000177adbe93f7a5202af14735b148c432f7

    • SHA512

      cd83260c5b5891815907fb8b18383d8428c7d77a5c8af0556aaa8036e7dc2026c1e268506df86385dc8a2cb7d776b700b638adbf79b4d393a331b6d6e85cb250

    • SSDEEP

      6144:wsNJZA19r/SpqYYn/70nFIyUveIh6i2AgVv0Io9J:b/i9T07YD0XF+n

    Score
    10/10
    revengeratstealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Drops startup file

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks