Overview

overview

10

Static

static

3

Loader.exe

windows10-1703-x64

10

Loader.exe

windows10-2004-x64

10

Loader.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.exe

  • Size

    176KB

  • Sample

    240507-3a4hcagd75

  • MD5

    f64f3bab297a2ee345d90c604d852f73

  • SHA1

    c5ad3cd8a659fd0dc0bea1462bb37661b80c091e

  • SHA256

    bcabcd416b9750492763b4963120bd035825690a8bc49b66f2508e2253fc6ec3

  • SHA512

    d751ddce73b482e12222d26067fa86af68785890b256c1f6208f05342a1832620d619cd7564add806fea89dfa6c73541f2d4a6ef7823f2c890d75cb6241caf25

  • SSDEEP

    3072:YyqBXv8dNxr5GWp1icKAArDZz4N9GhbkrNEkB4nC5IbyJia:MkBp0yN90QEF2

Score
10/10
revengeratexecutionpersistencestealertrojan

Malware Config

Extracted

Family

revengerat

Mutex

Targets

    • Target

      Loader.exe

    • Size

      176KB

    • MD5

      f64f3bab297a2ee345d90c604d852f73

    • SHA1

      c5ad3cd8a659fd0dc0bea1462bb37661b80c091e

    • SHA256

      bcabcd416b9750492763b4963120bd035825690a8bc49b66f2508e2253fc6ec3

    • SHA512

      d751ddce73b482e12222d26067fa86af68785890b256c1f6208f05342a1832620d619cd7564add806fea89dfa6c73541f2d4a6ef7823f2c890d75cb6241caf25

    • SSDEEP

      3072:YyqBXv8dNxr5GWp1icKAArDZz4N9GhbkrNEkB4nC5IbyJia:MkBp0yN90QEF2

    Score
    10/10
    revengeratexecutionpersistencestealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks