revengerat | 1ee3e5b5f7b2deb6182a591e94890786e404054e536dc468960d941c733d1e00 | Triage

Submit
Reports

Overview

overview

Static

static

e18ec27f09...3e.exe

windows7-x64

e18ec27f09...3e.exe

windows10-2004-x64

Sharing

General

Target

e18ec27f09521152664d6a5aad14f03e
Size

173KB
Sample

240327-nlzk7sbb23
MD5

e18ec27f09521152664d6a5aad14f03e
SHA1

747bbc767b7a4aedc13a6b2d2f0a8a63363fc91c
SHA256

1ee3e5b5f7b2deb6182a591e94890786e404054e536dc468960d941c733d1e00
SHA512

3180a6de45526927ea7099b52a7c191ac1e4e6bff1fb55f1e03f7369ef6a316ff7a93ee533aa587c0ecb03e3f604e449ae8fd8547bd99aff7ea8382e98d4138b
SSDEEP

3072:YWzzzZKkF8xgsfifWFDZxbvPtj006jxyLNPs4EzhiXJbH5HGWSu9igjc:FDQg8uFUlxbvVjqjNuJbH5Hyn

Score

10^/10

revengerat persistence stealer trojan

Static task

static1

stealer revengerat

3 signatures

Behavioral task

behavioral1

Sample

e18ec27f09521152664d6a5aad14f03e.exe

Resource

win7-20240221-en

revengerat persistence stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e18ec27f09521152664d6a5aad14f03e.exe

Resource

win10v2004-20240226-en

revengerat persistence stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  e18ec27f09521152664d6a5aad14f03e
- Size
  
  173KB
- MD5
  
  e18ec27f09521152664d6a5aad14f03e
- SHA1
  
  747bbc767b7a4aedc13a6b2d2f0a8a63363fc91c
- SHA256
  
  1ee3e5b5f7b2deb6182a591e94890786e404054e536dc468960d941c733d1e00
- SHA512
  
  3180a6de45526927ea7099b52a7c191ac1e4e6bff1fb55f1e03f7369ef6a316ff7a93ee533aa587c0ecb03e3f604e449ae8fd8547bd99aff7ea8382e98d4138b
- SSDEEP
  
  3072:YWzzzZKkF8xgsfifWFDZxbvPtj006jxyLNPs4EzhiXJbH5HGWSu9igjc:FDQg8uFUlxbvVjqjNuJbH5Hyn
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

stealerrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan

© 2018-2024

Terms | Privacy