revengerat | 2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9 | Triage

Submit
Reports

Overview

overview

Static

static

2cab934053...a9.exe

windows7-x64

2cab934053...a9.exe

windows10-2004-x64

Sharing

General

Target

2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9
Size

546KB
Sample

230828-h3ygksag5s
MD5

3e500e0b4816fe81a0eb0e568536fe8a
SHA1

0a11673f4bce81bf839fa22ff825cc39b64849e1
SHA256

2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9
SHA512

a3d1b8f60ba042ea97164aa198b256570fd2b20a5f1a7aae09271fcb213eb2650e3de1502d3aaf7204d6aeaf07e0519b5b62eb05decd8eba521576a10038fa79
SSDEEP

3072:C7Ms2moru6ObSfmUYzD0z00bvFu5isBzW1K1+tAc/opGsXs9SYQo9S8wwydT:9Yoa6O+fHqD70bNolIDoW7QoRO

Score

10^/10

revengerat guest persistence stealer trojan

Static task

static1

stealer guest revengerat

3 signatures

Behavioral task

behavioral1

Sample

2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9.exe

Resource

win7-20230712-en

revengerat guest persistence stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9.exe

Resource

win10v2004-20230824-en

revengerat guest persistence stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

127.0.0.1:333

killer2017.ddns.net:333

Mutex

RV_MUTEX-cawrHJfWfhaRC

Targets

- Target
  
  2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9
- Size
  
  546KB
- MD5
  
  3e500e0b4816fe81a0eb0e568536fe8a
- SHA1
  
  0a11673f4bce81bf839fa22ff825cc39b64849e1
- SHA256
  
  2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9
- SHA512
  
  a3d1b8f60ba042ea97164aa198b256570fd2b20a5f1a7aae09271fcb213eb2650e3de1502d3aaf7204d6aeaf07e0519b5b62eb05decd8eba521576a10038fa79
- SSDEEP
  
  3072:C7Ms2moru6ObSfmUYzD0z00bvFu5isBzW1K1+tAc/opGsXs9SYQo9S8wwydT:9Yoa6O+fHqD70bNolIDoW7QoRO
Score

10^/10

revengerat guest persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratguestpersistencestealertrojan

behavioral2

revengeratguestpersistencestealertrojan

© 2018-2024

Terms | Privacy