revengerat | 23541c3d4d3c91c51335895d912cf2a62d7f50ec4cf1b3caf1c10bb8c4961497 | Triage

Submit
Reports

Overview

overview

Static

static

3

NumChai.exe

windows7-x64

NumChai.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NumChai.exe
Size

17.6MB
Sample

230919-k56xvaab65
MD5

bcdd91505b93ce1e14ad987952fbed08
SHA1

cb21e724e0814cf0304aec12fbf29d6ec5470e1d
SHA256

23541c3d4d3c91c51335895d912cf2a62d7f50ec4cf1b3caf1c10bb8c4961497
SHA512

27cf73b2c7224cb9e3b0949dd09f6d061fd999c6e165afba56148f1c404badb33704e5785c724a05757428ff185065b30b82ee974b3b9366e02fbae4f31af853
SSDEEP

393216:wiW1obI/fL2Vmd6mx2pjhV6q+CdVBkkq3+d9jpwjYJLW8Fw8wPrVs:1W1h/fyVmdP6jhV6q+i3WOd9jejmLW8R

Score

10^/10

revengerat persistence pyinstaller stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NumChai.exe

Resource

win7-20230831-en

revengerat persistence pyinstaller stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NumChai.exe

Resource

win10v2004-20230915-en

revengerat persistence pyinstaller stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  NumChai.exe
- Size
  
  17.6MB
- MD5
  
  bcdd91505b93ce1e14ad987952fbed08
- SHA1
  
  cb21e724e0814cf0304aec12fbf29d6ec5470e1d
- SHA256
  
  23541c3d4d3c91c51335895d912cf2a62d7f50ec4cf1b3caf1c10bb8c4961497
- SHA512
  
  27cf73b2c7224cb9e3b0949dd09f6d061fd999c6e165afba56148f1c404badb33704e5785c724a05757428ff185065b30b82ee974b3b9366e02fbae4f31af853
- SSDEEP
  
  393216:wiW1obI/fL2Vmd6mx2pjhV6q+CdVBkkq3+d9jpwjYJLW8Fw8wPrVs:1W1h/fyVmdP6jhV6q+i3WOd9jejmLW8R
Score

10^/10

revengerat persistence pyinstaller stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratpersistencepyinstallerstealertrojan

behavioral2

revengeratpersistencepyinstallerstealertrojan

© 2018-2025

Terms | Privacy