revengerat | 2e1b8f4394191bd190458f660be8d7e7199c5bb6aeadc2cd18b2cc09dcddf338 | Triage

Submit
Reports

Overview

overview

Static

static

a648209a4a...9e.exe

windows7-x64

a648209a4a...9e.exe

windows10-2004-x64

Sharing

General

Target

a648209a4af3bc3253ec4d3e189b349e
Size

196KB
Sample

240226-n1awdsch47
MD5

a648209a4af3bc3253ec4d3e189b349e
SHA1

ddbafd73f5da7d4249b05a4db77995bcb8788f3f
SHA256

2e1b8f4394191bd190458f660be8d7e7199c5bb6aeadc2cd18b2cc09dcddf338
SHA512

43f4233502a0d3dffdfe21eb0c8e7449daef9e485148be08963fa6e809fa36c2a97e2669ca044a38ff5e1af9a54e324d56117de5a1fd33fd91b5943fceeb77bd
SSDEEP

3072:U9Y/6ogy9pYlZdVqVwVWyGgJJpLXDYbGljNPB7VYOY1dZaioWEZHoj4slffd75fu:U963gy9pYlMVwGbONPBuO4DaiLyHSB5

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

stealer revengerat

3 signatures

Behavioral task

behavioral1

Sample

a648209a4af3bc3253ec4d3e189b349e.exe

Resource

win7-20240221-en

revengerat persistence stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a648209a4af3bc3253ec4d3e189b349e.exe

Resource

win10v2004-20240221-en

revengerat persistence stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  a648209a4af3bc3253ec4d3e189b349e
- Size
  
  196KB
- MD5
  
  a648209a4af3bc3253ec4d3e189b349e
- SHA1
  
  ddbafd73f5da7d4249b05a4db77995bcb8788f3f
- SHA256
  
  2e1b8f4394191bd190458f660be8d7e7199c5bb6aeadc2cd18b2cc09dcddf338
- SHA512
  
  43f4233502a0d3dffdfe21eb0c8e7449daef9e485148be08963fa6e809fa36c2a97e2669ca044a38ff5e1af9a54e324d56117de5a1fd33fd91b5943fceeb77bd
- SSDEEP
  
  3072:U9Y/6ogy9pYlZdVqVwVWyGgJJpLXDYbGljNPB7VYOY1dZaioWEZHoj4slffd75fu:U963gy9pYlMVwGbONPBuO4DaiLyHSB5
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

stealerrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy