revengerat | c35ffbbb7a500717bc7260ffa47df7502f60ebf5c73cdebec1ff03589ef01a48 | Triage

Sharing

General

Target

51fe29fa7e0548d59fbeb43ef6e4a7e8
Size

80KB
Sample

231222-ct9klagaam
MD5

51fe29fa7e0548d59fbeb43ef6e4a7e8
SHA1

27e35f2e5a96f4a470e254bc82e38be8494adbc1
SHA256

c35ffbbb7a500717bc7260ffa47df7502f60ebf5c73cdebec1ff03589ef01a48
SHA512

53eb41acdcd5fd11944bf5e12c641164f1a7476ff068f7309f7a39ae9e3c06e70f6a56d02f5ed2837176f051e551789d56f5b5ac7a79249b7ae1a94b6d1b3dce
SSDEEP

1536:tIByB9M1Ohh0JQwo9QBr1IkHrjk/f/3vk2g:e

Score

10^/10

revengerat guest stealer trojan

Malware Config

Extracted

Family

revengerat

Mutex

Extracted

Family

revengerat

Botnet

Guest

C2

upgradegoogle.duckdns.org:5005

Mutex

RV_MUTEX

Targets

- Target
  
  51fe29fa7e0548d59fbeb43ef6e4a7e8
- Size
  
  80KB
- MD5
  
  51fe29fa7e0548d59fbeb43ef6e4a7e8
- SHA1
  
  27e35f2e5a96f4a470e254bc82e38be8494adbc1
- SHA256
  
  c35ffbbb7a500717bc7260ffa47df7502f60ebf5c73cdebec1ff03589ef01a48
- SHA512
  
  53eb41acdcd5fd11944bf5e12c641164f1a7476ff068f7309f7a39ae9e3c06e70f6a56d02f5ed2837176f051e551789d56f5b5ac7a79249b7ae1a94b6d1b3dce
- SSDEEP
  
  1536:tIByB9M1Ohh0JQwo9QBr1IkHrjk/f/3vk2g:e
Score

10^/10

revengerat guest stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

revengeratgueststealertrojan