revengerat | bd1b202a5eed029524ad2a9947c6bf796352d4da36b43bf738ab833df3ecdaea | Triage

Sharing

General

Target

3c550bc74a78425b2f57365650d938cb_JaffaCakes118
Size

179KB
Sample

240513-xvef3aba89
MD5

3c550bc74a78425b2f57365650d938cb
SHA1

349efaa739a9eb5e80c12d3fc269c5ac7642f3ee
SHA256

bd1b202a5eed029524ad2a9947c6bf796352d4da36b43bf738ab833df3ecdaea
SHA512

1ffaa1a27968220cc98778ae2513f51564a35ecd4efebbe78797bde6be4d533a4a4063f6f47104b5761d204e8fffebbb3c934a4efb8f08d964e94699e1ce33f7
SSDEEP

3072:AIZs1DWIIPV0SbLz+Dcjh9SYvioAQWz5GdIQFZ8HRVFqc4vV+:AIqWIIPV0SbP+ojb7qoAfqI3RVFq1E

Score

10^/10

revengerat guest execution persistence stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

dk0004-60011.portmap.io:60011

Mutex

RV_MUTEX

Targets

- Target
  
  3c550bc74a78425b2f57365650d938cb_JaffaCakes118
- Size
  
  179KB
- MD5
  
  3c550bc74a78425b2f57365650d938cb
- SHA1
  
  349efaa739a9eb5e80c12d3fc269c5ac7642f3ee
- SHA256
  
  bd1b202a5eed029524ad2a9947c6bf796352d4da36b43bf738ab833df3ecdaea
- SHA512
  
  1ffaa1a27968220cc98778ae2513f51564a35ecd4efebbe78797bde6be4d533a4a4063f6f47104b5761d204e8fffebbb3c934a4efb8f08d964e94699e1ce33f7
- SSDEEP
  
  3072:AIZs1DWIIPV0SbLz+Dcjh9SYvioAQWz5GdIQFZ8HRVFqc4vV+:AIqWIIPV0SbP+ojb7qoAfqI3RVFq1E
Score

10^/10

revengerat guest execution persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratguestexecutionpersistencestealertrojan

behavioral2

revengeratexecutionpersistencestealertrojan