revengerat | 070cdaafc8e55e13d001c55041ba9e0bfc1075a69b121b9631cbebf273552864 | Triage

Sharing

General

Target

0cde62c97f0e154aedebb93144f71b5d_JaffaCakes118
Size

328KB
Sample

240625-gf3bkswglq
MD5

0cde62c97f0e154aedebb93144f71b5d
SHA1

b784e43eda015badc9b85bdcd208045345f2183d
SHA256

070cdaafc8e55e13d001c55041ba9e0bfc1075a69b121b9631cbebf273552864
SHA512

e0beb59d0b628dd7e893d2351ae24ba2c77a4fa4adbc6569290aea8afcc07582e6cab4343585fbd82ab4cfaf1dd94dcfcc00dda0dbef4b2c67b9447164301f18
SSDEEP

3072:3jtj5Tbd6mF0yQBVdJxPUpjtj5Tbd6mF0yQBVdJxPUv90:BZf6BD3s3Zf6BD3sv9

Score

10^/10

revengerat evasion persistence stealer

Malware Config

Targets

- Target
  
  0cde62c97f0e154aedebb93144f71b5d_JaffaCakes118
- Size
  
  328KB
- MD5
  
  0cde62c97f0e154aedebb93144f71b5d
- SHA1
  
  b784e43eda015badc9b85bdcd208045345f2183d
- SHA256
  
  070cdaafc8e55e13d001c55041ba9e0bfc1075a69b121b9631cbebf273552864
- SHA512
  
  e0beb59d0b628dd7e893d2351ae24ba2c77a4fa4adbc6569290aea8afcc07582e6cab4343585fbd82ab4cfaf1dd94dcfcc00dda0dbef4b2c67b9447164301f18
- SSDEEP
  
  3072:3jtj5Tbd6mF0yQBVdJxPUpjtj5Tbd6mF0yQBVdJxPUv90:BZf6BD3s3Zf6BD3sv9
Score

8^/10

evasion persistence
- Disables RegEdit via registry modification
  evasion
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

evasionpersistence

behavioral2

evasionpersistence