revengerat | 0feeb8481e07c0d5c1973f7a1644b788d56c9616c82ae0ce73505893664804a1 | Triage

Sharing

General

Target

Setup.exe
Size

458KB
Sample

230806-wlcqfacg9w
MD5

bfa40de5db5a15e0317dd72d982083dc
SHA1

fb93616799e85771a028944148bad57b15d0289b
SHA256

0feeb8481e07c0d5c1973f7a1644b788d56c9616c82ae0ce73505893664804a1
SHA512

cb39b9299485795ea810cb8f36b65bb3b816c37b7edd580bacccfaa8f9c222e0ebe08418ebef28512a2e87fc0ed758d5c6b3c445dfa5900e64d911fded2043c0
SSDEEP

6144:uK7EhfK4NKt9R8czLM0KGAFmLYYZMi/DQ/n0WvVhSOKi1UT:x7ElnUtkwLeNkZX/KvVcL

Score

10^/10

revengerat persistence stealer trojan

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  458KB
- MD5
  
  bfa40de5db5a15e0317dd72d982083dc
- SHA1
  
  fb93616799e85771a028944148bad57b15d0289b
- SHA256
  
  0feeb8481e07c0d5c1973f7a1644b788d56c9616c82ae0ce73505893664804a1
- SHA512
  
  cb39b9299485795ea810cb8f36b65bb3b816c37b7edd580bacccfaa8f9c222e0ebe08418ebef28512a2e87fc0ed758d5c6b3c445dfa5900e64d911fded2043c0
- SSDEEP
  
  6144:uK7EhfK4NKt9R8czLM0KGAFmLYYZMi/DQ/n0WvVhSOKi1UT:x7ElnUtkwLeNkZX/KvVcL
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratpersistencestealertrojan

behavioral2