revengerat | 6579f8c3aec9717283fdb6367ec7b17f28858ae704605c76b14198d470bd82b9 | Triage

Sharing

General

Target

5be84affded6a459de10d6490bc42f25_JaffaCakes118
Size

3.0MB
Sample

240729-ye3dmaxarp
MD5

5be84affded6a459de10d6490bc42f25
SHA1

c901557593506294588fe36e85fcb0de94b71778
SHA256

6579f8c3aec9717283fdb6367ec7b17f28858ae704605c76b14198d470bd82b9
SHA512

92b7b930aed7b6df7d71d76e404be566f0fccdf507f048cccebfc9d78a14e8086fc05900d88438bcb7527aec96651cbef1c8cec7cccfee71dd1cdbbb741d9ff1
SSDEEP

49152:IARVS4nHwHHzaG0fuEqhfzJ3LKjcniRSVSHo8Vnt9/URlWbEc+YV48GbjMQHaX82:IYPnQHTa3uJ3LKYvVSHoA9/WlWbEyC8X

Score

10^/10

revengerat discovery stealer

Malware Config

Targets

- Target
  
  5be84affded6a459de10d6490bc42f25_JaffaCakes118
- Size
  
  3.0MB
- MD5
  
  5be84affded6a459de10d6490bc42f25
- SHA1
  
  c901557593506294588fe36e85fcb0de94b71778
- SHA256
  
  6579f8c3aec9717283fdb6367ec7b17f28858ae704605c76b14198d470bd82b9
- SHA512
  
  92b7b930aed7b6df7d71d76e404be566f0fccdf507f048cccebfc9d78a14e8086fc05900d88438bcb7527aec96651cbef1c8cec7cccfee71dd1cdbbb741d9ff1
- SSDEEP
  
  49152:IARVS4nHwHHzaG0fuEqhfzJ3LKjcniRSVSHo8Vnt9/URlWbEc+YV48GbjMQHaX82:IYPnQHTa3uJ3LKYvVSHoA9/WlWbEyC8X
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  56KB
- MD5
  
  cc0bd4f5a79107633084471dbd4af796
- SHA1
  
  09dfcf182b1493161dec8044a5234c35ee24c43a
- SHA256
  
  3b5388e13dab53d53e08791f492ed7d3094a0cee51e9841af83ce02534e0621c
- SHA512
  
  67ba90ec04366e07d0922ffb4dbbb4f12f90b6785b87700adaae29327db9ec2a03d750b229f858db0594f439499d6346fbf1ebc17c77162bf8da027515219ee3
- SSDEEP
  
  768:WmswCIbuzwEmd7Fp4KpDAKngV9tV3rJy63JgaVwoz7si4uYqUYWu1gYwmj552RFB:WmswCIbuzwEy7n3YD3Jgw7shKrp55io
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  DMCustomControls.dll
- Size
  
  76KB
- MD5
  
  f1821b5cb5e61a819ba6bbe7825a22a4
- SHA1
  
  d30bb1676076254a0d48f9eb55f4fa1bdc804636
- SHA256
  
  d506b8d06905c601e57bad032d0dfbe4eaf915ac5bbeb8c86b5c9cf6a7b0c44c
- SHA512
  
  389c9b60a08361e942fa9c217c69c1e5183cf1d651cadcd85696d97ac63c7ef17a8bb50eca525256d4c189ea5fb3c8fbbd36bf8bc955be0a2348e6ac1e7e7867
- SSDEEP
  
  1536:9SXKwgV2WaY+4j6CYPGYV4SZZ6Msu9fqe3s3qD52d:9SXKwO2WDj6C9YV3uKfhs
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  DMSharedClasses.dll
- Size
  
  56KB
- MD5
  
  bd911e6679e23c391a05d789317e6095
- SHA1
  
  8d92066b0a3f166712e1831e4f23ba785bd9d498
- SHA256
  
  65ff876ec36036d771120ff9f8cd5899e5eff32518c1fdb49dc288ea3d61276f
- SHA512
  
  c0cd08d30ffc5d2b603024a84edffee84d07c771badd66390560e9d7a0504e61c1905bfa839addc21e17c14db935a89471e367258257fcad9102d40c1330d4e2
- SSDEEP
  
  1536:Bm9fs+I6dH5DTNA2FFQRus7Zpe+P4u5m:BilI6dH5DW2pslhm
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  DMStartupWizard.XmlSerializers.dll
- Size
  
  44KB
- MD5
  
  d67c4e1224cd57f1b77720e73e3f6cbb
- SHA1
  
  c0c1dd2281014525a41df8a2adcbf4c9b67b34c5
- SHA256
  
  010a25c647ee6fb61a258689c7028d68b1a5d2e2083055e8abf7c93b7eb736e4
- SHA512
  
  255b1e1f9b638bb6a71d9fd494a59aeb6f9dcd5972870e3c7cf040c1da5c66668fdffe0b66bd93cb05e645a67b5d6ef035a5b5601dfd635424562933d33d81df
- SSDEEP
  
  768:+E9kv9kj9EwOZ/Wy7bjjjjjjjjjjjjjjjaofrDQGS27fCXgYPe47G1EECRh8wjH5:+/wGjjjjjjjjjjjjjjjauYPe47G1EEC1
Score

1^/10
behavioral15 behavioral16
- Target
  
  DMStartupWizard.dll
- Size
  
  361KB
- MD5
  
  445a6d2c117f3cb7e19aaa2099f9fd1b
- SHA1
  
  b54bdc47a3c520ecf1a3b7d3b6762e43adb110e5
- SHA256
  
  70c70e21df6e92f156e61c6056e91df9bbc1dad82a04461a8c0b64f299aa3f3b
- SHA512
  
  3b95cea3791ea29e14ddd33b082eefb5a34009c90aa7f58fd5ba582e740780b9ae7cb52450fbd47cc106af011ab66223bc7990cb5350fd24fb5c406f2bd42042
- SSDEEP
  
  3072:1vBhvBjvBzbDynVr0820q+8G9US77nL7H7V0/LekGpwF92vBwZX6JPD+PjVM5KQ6:LPtzb2RrDjUwjnZie5GswZq
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  DMUpdater.exe
- Size
  
  81KB
- MD5
  
  745092d6a4bce581417f795d07a27472
- SHA1
  
  49a62f00032b7cb0aca20cd798b70f022e8004ed
- SHA256
  
  c3edc09dce874bc8614bcf7ba12a28c2697a0b2c72b352260f3eed50f1803503
- SHA512
  
  561faa146447c2bb01cee6edbdb9f4651c4136f87114ef1edd72f1660a65d9740c511788a53844354a07c0ef9ece3b0f5bafe4bde3a742d9decc2b898b1ae7d6
- SSDEEP
  
  768:2JVDjSa2cr7NkwVqKira6h3PmOQQ7jSa2cr7NkwVqKira6:2vGa2ceXpzFuOQQ7Ga2ceXpz
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  DataMaster Launcher.exe
- Size
  
  81KB
- MD5
  
  a6fdd40f6ea54c4d908a39e280581ed6
- SHA1
  
  4747af60ca59ae9a0eb2c34ad1b4d12a1c680236
- SHA256
  
  833aed1e41c3440ca0752f7ed5409f28bbc8811d263c466b6b73877661f3e31d
- SHA512
  
  fb7fa74266b01e45d477e565c59177811c535a08041aab0bcff6d0f8d8e09ae312d603fd5f01b4e35bfd4bb1188cdc3ce780b5fa9e623923679f029e0cd6d218
- SSDEEP
  
  768:8JjSa2cr7NkwVqKira6Fp3ASd5jSa2cr7NkwVqKira6:mGa2ceXpzMSd5Ga2ceXpz
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  DataMaster REcolorado.XmlSerializers.dll
- Size
  
  15KB
- MD5
  
  a188d2e921707a79af4be82f5cf4253f
- SHA1
  
  e0db54ed8d11adee65cd898393718ede4572e178
- SHA256
  
  8b9d43828cf84bcbf91f960b174aebd059114646e57488ec4ca0969392a6c719
- SHA512
  
  e9e9a597fca50fa4dbb74c2ce22be89ecccf0944e1d0ef508cc75c19d6e3fea23c64bbe45aa32017189087c22201e0a4c7dbd99d171e40627ff2447b9648108c
- SSDEEP
  
  192:hyG8aFPTIQgnoh2AmgSvO9KYJ61WuCRFpjN4i4udP4MH:EaFjh27O9KYJwWHFpG1udQ
Score

1^/10
behavioral23 behavioral24
- Target
  
  DataMaster REcolorado.exe
- Size
  
  2.9MB
- MD5
  
  7dc093529330539beccee3b63154f8a0
- SHA1
  
  4c6216cb29978f6de490f8225d1aebc7e28e269f
- SHA256
  
  41fb79f237de3beb6594e47d665bfae91bfa69f3658236f21c07c114b5283f13
- SHA512
  
  f7327e0c9c2b4607f9b473963542d26717d0b1cf03ea937d10561a7b0387d620f7342f63e6d198b9fb3272b71d00aa754a0b3589dad25dbe4b3c34df0a8821ad
- SSDEEP
  
  12288:QKdef19LY2DqrUsGXxuA1YSjqiFS+9D0C/OD32kFnYHrwG91SpoD0THE0T99DKJ9:u19LYhgcpoMRAmhWjBrm3XCHniwtP
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  DataMasterAssociater.exe
- Size
  
  89KB
- MD5
  
  33dafe5b1bc50ffa872c707f0bd603e4
- SHA1
  
  6648616cfa7785206d5283602ae08054d36a5714
- SHA256
  
  5d7d123530ff92de959af7b79a8547486169e356e24b83775aaade2d0c991dd7
- SHA512
  
  745f5b191f98fd50504260be2053afcea3e0f428e932562ee0bbb761473f227d209ea3199b63357c1c9fc67acfdf6baf522e284d4650ec252c323a6e314bf4c5
- SSDEEP
  
  768:mflfmv1jSa2cr7NkwVqKira6Gqvg3roDxXWLAbJwTCLvjSa2cr7NkwVqKira6:ma1Ga2ceXpzGqtDVCAKUvGa2ceXpz
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  DataMasterDDE.exe
- Size
  
  46KB
- MD5
  
  98a570f6e1c079ec2397ddb564ec4525
- SHA1
  
  2ed2af84109eb7074831b1a6c256e57e50de4bf9
- SHA256
  
  c2ccc4b59aa95619f4ae4b8096e6f29788ed9b3b0ce2aa03398f368f72265fec
- SHA512
  
  798ea47b04cd6a11c4f25d752c95d64931b195a8b3313b27603f1d76bdec0c324419aeaba6e8f3be3f84a5e3aceb9c4ec684ae48570ca3f695739f636fc4615d
- SSDEEP
  
  384:DGh4oUj2kpIZNM4w9u46m2hq2IinKvRvGuRgP2crsW9NW7QhVqKmdDfokgKbuikw:DFoCpICuw2bnjSa2cr7NkwVqKira6
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  DataMasterPlus.XmlSerializers.dll
- Size
  
  88KB
- MD5
  
  f84d6f5da6c3b0f1b3cdfaf9deff30d9
- SHA1
  
  e3b77278aae49df7c3db9506532fa34eed7145a3
- SHA256
  
  f671c5101ee412408df19915fd0108e0b4a18794ec2acb033f66f110e99c166a
- SHA512
  
  ff79fb1dc811ef2f4e11d03123ed7ea859e9b733d3ab56767444883f698edb994684e9ed29731f5d083c05680284d0ccf91f1ea40d466a3971df12ae13b7beb7
- SSDEEP
  
  1536:u19vB9J6V0/BuOK5fDYQ4kffLz4MG1EErXv0W7yZyoFJ/2SR5PT7DeOqeO2brIbN:u19vBE0/BK5fDYQ4kffLz4MG1EErXv0y
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32