revengerat | f59f1892ffa3ea493f7e3fe3b0c9fe0cc351bd3ad68945011463cedccbcba897 | Triage

Submit
Reports

Overview

overview

Static

static

b9ee459ad5...2e.exe

windows7-x64

b9ee459ad5...2e.exe

windows10-2004-x64

Sharing

General

Target

b9ee459ad5c517aea39a87a59e360d2e
Size

1.4MB
Sample

240229-z8vrbadd58
MD5

b9ee459ad5c517aea39a87a59e360d2e
SHA1

db88750dfaf6bdad844bad6f39a0c8eb635e5f66
SHA256

f59f1892ffa3ea493f7e3fe3b0c9fe0cc351bd3ad68945011463cedccbcba897
SHA512

cee3831b834a13fa123946f4a24c2d42b227c5e7f17d0319f5a6a017e1d8dcefdfab7e06baf0a8aa314a2e72bb7e9b4393f74b1ad1c004ce800019e6cab1557d
SSDEEP

24576:Tq5TfcdHj4fmbu2qhEzKJ9TtrJLnU88MYtWYQYPx00zQJ9TtFzLnUwvSYtWYoYPh:TUTsamCxT5/YtWYQYPC5KYtWYoYPh

Score

10^/10

revengerat stealer trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

b9ee459ad5c517aea39a87a59e360d2e.exe

Resource

win7-20240221-en

revengerat stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

b9ee459ad5c517aea39a87a59e360d2e.exe

Resource

win10v2004-20240226-en

revengerat stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  b9ee459ad5c517aea39a87a59e360d2e
- Size
  
  1.4MB
- MD5
  
  b9ee459ad5c517aea39a87a59e360d2e
- SHA1
  
  db88750dfaf6bdad844bad6f39a0c8eb635e5f66
- SHA256
  
  f59f1892ffa3ea493f7e3fe3b0c9fe0cc351bd3ad68945011463cedccbcba897
- SHA512
  
  cee3831b834a13fa123946f4a24c2d42b227c5e7f17d0319f5a6a017e1d8dcefdfab7e06baf0a8aa314a2e72bb7e9b4393f74b1ad1c004ce800019e6cab1557d
- SSDEEP
  
  24576:Tq5TfcdHj4fmbu2qhEzKJ9TtrJLnU88MYtWYQYPx00zQJ9TtFzLnUwvSYtWYoYPh:TUTsamCxT5/YtWYQYPC5KYtWYoYPh
Score

10^/10

revengerat stealer trojan upx
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratstealertrojanupx

behavioral2

revengeratstealertrojanupx

© 2018-2024

Terms | Privacy