revengerat | a96543da023e22eff83c1f152b980627a3efba8bd0d228171df6e4ac3b95ab89 | Triage

Submit
Reports

Overview

overview

Static

static

3

a96543da02...JC.exe

windows7-x64

a96543da02...JC.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a96543da023e22eff83c1f152b980627a3efba8bd0d228171df6e4ac3b95ab89_JC.exe
Size

85KB
Sample

231013-czx4racg48
MD5

15663f7481c8b2a19dbe62014fa8a948
SHA1

d5875cbdf0b84e14cef8cf1249bae06a3ab4f57b
SHA256

a96543da023e22eff83c1f152b980627a3efba8bd0d228171df6e4ac3b95ab89
SHA512

49883051f92e52094345e0b710754ce8445156ef9b20ad3cf0594a894615784b7b6240dfc2f5b0e915b5d5329163826988136921dd02a5e2d35fa60997c8820a
SSDEEP

1536:ER6XtX3eJG53G73mxdvd830Shhcqv/J+Kf/+9HIxCLsgmzU:o6t32GhNvWPhhco/J+Kn+9HIxCLsgmg

Score

10^/10

revengerat test crypt stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a96543da023e22eff83c1f152b980627a3efba8bd0d228171df6e4ac3b95ab89_JC.exe

Resource

win7-20230831-en

revengerat test crypt stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a96543da023e22eff83c1f152b980627a3efba8bd0d228171df6e4ac3b95ab89_JC.exe

Resource

win10v2004-20230915-en

revengerat test crypt stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Test crypt

C2

pplfoot1.ddns.net:1177

Mutex

RV_MUTEX-wpnFwUnoWrUU

Targets

- Target
  
  a96543da023e22eff83c1f152b980627a3efba8bd0d228171df6e4ac3b95ab89_JC.exe
- Size
  
  85KB
- MD5
  
  15663f7481c8b2a19dbe62014fa8a948
- SHA1
  
  d5875cbdf0b84e14cef8cf1249bae06a3ab4f57b
- SHA256
  
  a96543da023e22eff83c1f152b980627a3efba8bd0d228171df6e4ac3b95ab89
- SHA512
  
  49883051f92e52094345e0b710754ce8445156ef9b20ad3cf0594a894615784b7b6240dfc2f5b0e915b5d5329163826988136921dd02a5e2d35fa60997c8820a
- SSDEEP
  
  1536:ER6XtX3eJG53G73mxdvd830Shhcqv/J+Kf/+9HIxCLsgmzU:o6t32GhNvWPhhco/J+Kn+9HIxCLsgmg
Score

10^/10

revengerat test crypt stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengerattest cryptstealertrojan

behavioral2

revengerattest cryptstealertrojan

© 2018-2025

Terms | Privacy