revengerat | dba31ba17f5fd314bdaa69df902db653a5b0a6ede5d53459573c7ca6e868095a | Triage

Sharing

General

Target

3a9f0dd8d0645492c815890a76e5ad3e_JaffaCakes118
Size

56KB
Sample

240512-rzhfmadg84
MD5

3a9f0dd8d0645492c815890a76e5ad3e
SHA1

14574fd766bd7257f0dd9616362f6114a97fae24
SHA256

dba31ba17f5fd314bdaa69df902db653a5b0a6ede5d53459573c7ca6e868095a
SHA512

ceeaeecdec572d92bc8e2b69f6d22aeb67eee825c428a7d498cfa48b914d91aa82bcd129084d82e5df81c9029cbabc77434ab1c08ce4936207ff8b0b32187bb1
SSDEEP

768:1KKJQABuxDyQu7btsfP+DANJnZ/T53Qmrd1NoA1DleQ2T:1Z6DjmYgmrdUA+

Score

10^/10

revengerat persistence stealer trojan

Malware Config

Targets

- Target
  
  3a9f0dd8d0645492c815890a76e5ad3e_JaffaCakes118
- Size
  
  56KB
- MD5
  
  3a9f0dd8d0645492c815890a76e5ad3e
- SHA1
  
  14574fd766bd7257f0dd9616362f6114a97fae24
- SHA256
  
  dba31ba17f5fd314bdaa69df902db653a5b0a6ede5d53459573c7ca6e868095a
- SHA512
  
  ceeaeecdec572d92bc8e2b69f6d22aeb67eee825c428a7d498cfa48b914d91aa82bcd129084d82e5df81c9029cbabc77434ab1c08ce4936207ff8b0b32187bb1
- SSDEEP
  
  768:1KKJQABuxDyQu7btsfP+DANJnZ/T53Qmrd1NoA1DleQ2T:1Z6DjmYgmrdUA+
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan