revengerat | 6713695798164eeef13de43bffb24f47b82e58a68c12b92bcee41d45f864e931 | Triage

Submit
Reports

Overview

overview

Static

static

1

expressvpn...m].exe

windows7-x64

4

expressvpn...m].exe

windows10-2004-x64

Sharing

General

Target

expressvpn_windows_12.49.0.4_release [pesktop.com].exe
Size

62.9MB
Sample

230628-hlzy3sge87
MD5

18533e6820766306144e432b9616ecbf
SHA1

ed5470f3b31853ac2fc80f4d1646db3b6cb09276
SHA256

6713695798164eeef13de43bffb24f47b82e58a68c12b92bcee41d45f864e931
SHA512

26f29dbf8f522ea909c477f2ded551dadf1626ed9707efc58759c8a8f8b17ebff0d0ea79feb6067db01c8983bd5c1ad7b9385b539574b868ca0d047b8cd3e4f0
SSDEEP

1572864:yJ+g8ROZq79HMryExyFbqDXA6kZ/EJLV5+LFQ1TJbezilwOb:yD8RO+BTbkw4J5+LFAwzub

Score

10^/10

revengerat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

expressvpn_windows_12.49.0.4_release [pesktop.com].exe

Resource

win7-20230621-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

expressvpn_windows_12.49.0.4_release [pesktop.com].exe

Resource

win10v2004-20230621-en

revengerat discovery persistence stealer trojan

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  expressvpn_windows_12.49.0.4_release [pesktop.com].exe
- Size
  
  62.9MB
- MD5
  
  18533e6820766306144e432b9616ecbf
- SHA1
  
  ed5470f3b31853ac2fc80f4d1646db3b6cb09276
- SHA256
  
  6713695798164eeef13de43bffb24f47b82e58a68c12b92bcee41d45f864e931
- SHA512
  
  26f29dbf8f522ea909c477f2ded551dadf1626ed9707efc58759c8a8f8b17ebff0d0ea79feb6067db01c8983bd5c1ad7b9385b539574b868ca0d047b8cd3e4f0
- SSDEEP
  
  1572864:yJ+g8ROZq79HMryExyFbqDXA6kZ/EJLV5+LFQ1TJbezilwOb:yD8RO+BTbkw4J5+LFAwzub
Score

10^/10

revengerat discovery persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

revengeratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy