revengerat | cb9bb33d33ae493a7616a62cae19fb7c127c596a834543e78735e894d4225f42 | Triage

Sharing

General

Target

6663483929f325b3fe2f8a351787aebf.bin
Size

5.0MB
Sample

240729-c95atayhrp
MD5

6663483929f325b3fe2f8a351787aebf
SHA1

eaef70212f2f361a3167340d7c76e07246f1e427
SHA256

cb9bb33d33ae493a7616a62cae19fb7c127c596a834543e78735e894d4225f42
SHA512

12d51bd6328fd6a7572c97fdd3ac7b5d74dfd1379d5553f890af6c5a2effa65c61ecb78588fddac239881391ed9e2831f65a6f70e83a7047b980bcd4cb501eb9
SSDEEP

3072:iEQ5B9LypBTl57/zzTx+feymDt9SYzOP+:iupBvLzTIf4Df7zOP+

Score

10^/10

revengerat guest discovery persistence trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.eu.ngrok.io:8848

Mutex

RV_MUTEX

Targets

- Target
  
  6663483929f325b3fe2f8a351787aebf.bin
- Size
  
  5.0MB
- MD5
  
  6663483929f325b3fe2f8a351787aebf
- SHA1
  
  eaef70212f2f361a3167340d7c76e07246f1e427
- SHA256
  
  cb9bb33d33ae493a7616a62cae19fb7c127c596a834543e78735e894d4225f42
- SHA512
  
  12d51bd6328fd6a7572c97fdd3ac7b5d74dfd1379d5553f890af6c5a2effa65c61ecb78588fddac239881391ed9e2831f65a6f70e83a7047b980bcd4cb501eb9
- SSDEEP
  
  3072:iEQ5B9LypBTl57/zzTx+feymDt9SYzOP+:iupBvLzTIf4Df7zOP+
Score

10^/10

revengerat guest discovery persistence trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

guestrevengerat

behavioral1

revengeratguestdiscoverypersistencetrojan

behavioral2

revengeratguestdiscoverypersistencetrojan