revengerat | 2ec6df9a41e10daed0543128f9dcc897017828c12d4e78f0c4ad2f2b37aaaff0 | Triage

Submit
Reports

Overview

overview

Static

static

1

expressvpn...se.exe

windows7-x64

4

expressvpn...se.exe

windows10-2004-x64

Sharing

General

Target

expressvpn_windows_12.51.0.4_release.exe
Size

62.9MB
Sample

230625-xhvyaaed73
MD5

c7a0290ac607dda06b5a83dc29d0dbb3
SHA1

627ef1672e58add4e0863d5fbd5e63b7666df489
SHA256

2ec6df9a41e10daed0543128f9dcc897017828c12d4e78f0c4ad2f2b37aaaff0
SHA512

13c079a3719b686d958f1794712ef236e33933edcaaab778b2938b0b9315527f98e514c8a7e0d3857185a40d249a11cd45fcee98c8c3eeef38b62a723ef1f012
SSDEEP

1572864:eA9T8BsJn5wq9hWLN4V0HjU6o5hykKjtNJJbXoilwyf:eAaB4KMKeVOho5h7K5NfoSf

Score

10^/10

revengerat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

expressvpn_windows_12.51.0.4_release.exe

Resource

win7-20230621-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

expressvpn_windows_12.51.0.4_release.exe

Resource

win10v2004-20230621-en

revengerat discovery persistence stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  expressvpn_windows_12.51.0.4_release.exe
- Size
  
  62.9MB
- MD5
  
  c7a0290ac607dda06b5a83dc29d0dbb3
- SHA1
  
  627ef1672e58add4e0863d5fbd5e63b7666df489
- SHA256
  
  2ec6df9a41e10daed0543128f9dcc897017828c12d4e78f0c4ad2f2b37aaaff0
- SHA512
  
  13c079a3719b686d958f1794712ef236e33933edcaaab778b2938b0b9315527f98e514c8a7e0d3857185a40d249a11cd45fcee98c8c3eeef38b62a723ef1f012
- SSDEEP
  
  1572864:eA9T8BsJn5wq9hWLN4V0HjU6o5hykKjtNJJbXoilwyf:eAaB4KMKeVOho5h7K5NfoSf
Score

10^/10

revengerat discovery persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

revengeratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy