revengerat | 3f8ecf8e97a0aaf72edc5b09dcde54171844e8addceb7c3ca12752470d92de18 | Triage

Sharing

General

Target

5c760a424e177dbef0c9a7df01c7cd49_JaffaCakes118
Size

171KB
Sample

240520-brxycade5z
MD5

5c760a424e177dbef0c9a7df01c7cd49
SHA1

8d83adf33ff0f1a496a691ecf088529c7e706043
SHA256

3f8ecf8e97a0aaf72edc5b09dcde54171844e8addceb7c3ca12752470d92de18
SHA512

228f38c60272a3b809851c66c1d075f2b10e1d1da4d1c61fc91629e86883528c2f5763f48d6c9a3a36925dd8ef98cfa2624c0ebe5cd66853507050d8a97936f0
SSDEEP

3072:ZIZs1DWIIPV0SbLz+Dcjh9SYvioAQWz5GdIQFZ8HRVFqc4v:ZIqWIIPV0SbP+ojb7qoAfqI3RVFq1

Score

10^/10

revengerat guest execution persistence stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

dk0004-60011.portmap.io:60011

Mutex

RV_MUTEX

Targets

- Target
  
  5c760a424e177dbef0c9a7df01c7cd49_JaffaCakes118
- Size
  
  171KB
- MD5
  
  5c760a424e177dbef0c9a7df01c7cd49
- SHA1
  
  8d83adf33ff0f1a496a691ecf088529c7e706043
- SHA256
  
  3f8ecf8e97a0aaf72edc5b09dcde54171844e8addceb7c3ca12752470d92de18
- SHA512
  
  228f38c60272a3b809851c66c1d075f2b10e1d1da4d1c61fc91629e86883528c2f5763f48d6c9a3a36925dd8ef98cfa2624c0ebe5cd66853507050d8a97936f0
- SSDEEP
  
  3072:ZIZs1DWIIPV0SbLz+Dcjh9SYvioAQWz5GdIQFZ8HRVFqc4v:ZIqWIIPV0SbP+ojb7qoAfqI3RVFq1
Score

10^/10

revengerat execution persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratexecutionpersistencestealertrojan

behavioral2

revengeratexecutionpersistencestealertrojan