revengerat | 3db0e385eb53a32d61a5a35908a99317868b571e4cf7079db67fd68604da662c | Triage

Submit
Reports

Overview

overview

Static

static

7

3db0e385eb...2c.exe

windows7-x64

3db0e385eb...2c.exe

windows10-2004-x64

Sharing

General

Target

3db0e385eb53a32d61a5a35908a99317868b571e4cf7079db67fd68604da662c
Size

1.1MB
Sample

240322-mh8h9sdc51
MD5

56ac9e72644a8dae8c1968d63a26e58a
SHA1

d0349d04f33400541898426438d9e036d21decc5
SHA256

3db0e385eb53a32d61a5a35908a99317868b571e4cf7079db67fd68604da662c
SHA512

d4f5c176b3e4fda2a318fde3ec3702d9bf102bd752ee42b4549b9fd6630fdcbee20de63fc7a403f60768ac7c0a7d780bc542c8d60f4e2b9eeb19a40aba49ddc1
SSDEEP

24576:mq5TfcdHj4fmbi2q+0MmV0VMXeyrtoT1GokHTQoCwsC+Y:mUTsamOx9RoBVoCwT

Score

10^/10

revengerat stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3db0e385eb53a32d61a5a35908a99317868b571e4cf7079db67fd68604da662c.exe

Resource

win7-20231129-en

revengerat stealer trojan upx

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

3db0e385eb53a32d61a5a35908a99317868b571e4cf7079db67fd68604da662c.exe

Resource

win10v2004-20240226-en

revengerat stealer trojan upx

windows10-2004-x64

16 signatures

300 seconds

Malware Config

Targets

- Target
  
  3db0e385eb53a32d61a5a35908a99317868b571e4cf7079db67fd68604da662c
- Size
  
  1.1MB
- MD5
  
  56ac9e72644a8dae8c1968d63a26e58a
- SHA1
  
  d0349d04f33400541898426438d9e036d21decc5
- SHA256
  
  3db0e385eb53a32d61a5a35908a99317868b571e4cf7079db67fd68604da662c
- SHA512
  
  d4f5c176b3e4fda2a318fde3ec3702d9bf102bd752ee42b4549b9fd6630fdcbee20de63fc7a403f60768ac7c0a7d780bc542c8d60f4e2b9eeb19a40aba49ddc1
- SSDEEP
  
  24576:mq5TfcdHj4fmbi2q+0MmV0VMXeyrtoT1GokHTQoCwsC+Y:mUTsamOx9RoBVoCwT
Score

10^/10

revengerat stealer trojan upx
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratstealertrojanupx

behavioral2

revengeratstealertrojanupx

© 2018-2024

Terms | Privacy