revengerat | 94848d51c7af3005826cc841f475691be91e267981258000bdbd6274ba83c3eb | Triage

Sharing

General

Target

7bd4aa2c112ccffee7efbaa419fa5cc2_JaffaCakes118
Size

55KB
Sample

240731-jzgv4avdqn
MD5

7bd4aa2c112ccffee7efbaa419fa5cc2
SHA1

ca2b6c237c0c222303598e55343a703f6e077ab6
SHA256

94848d51c7af3005826cc841f475691be91e267981258000bdbd6274ba83c3eb
SHA512

36e660ca7a2ee3efaa834595f7f0dd55184d86089abd2cf8e1783906bdb6f921333b324f50a26e93a76c5370eadb86386a53b06d0f51e076d6862967b4d6ecab
SSDEEP

768:8t9p8q06ET5JGpfLcm8FcLQTrIkh6iy8pP7HhHltThV/mrzYcCe:8tsvCpfLcm82LQ/B48J7ZThtmZ

Score

10^/10

revengerat v_1_d_4_l_0_k_4 discovery stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

V_1_d_4_L_0_k_4

C2

hax00r.duckdns.org:3333

Mutex

RV_MUTEX-DRRrJCqsBKTC

Targets

- Target
  
  7bd4aa2c112ccffee7efbaa419fa5cc2_JaffaCakes118
- Size
  
  55KB
- MD5
  
  7bd4aa2c112ccffee7efbaa419fa5cc2
- SHA1
  
  ca2b6c237c0c222303598e55343a703f6e077ab6
- SHA256
  
  94848d51c7af3005826cc841f475691be91e267981258000bdbd6274ba83c3eb
- SHA512
  
  36e660ca7a2ee3efaa834595f7f0dd55184d86089abd2cf8e1783906bdb6f921333b324f50a26e93a76c5370eadb86386a53b06d0f51e076d6862967b4d6ecab
- SSDEEP
  
  768:8t9p8q06ET5JGpfLcm8FcLQTrIkh6iy8pP7HhHltThV/mrzYcCe:8tsvCpfLcm82LQ/B48J7ZThtmZ
Score

10^/10

revengerat v_1_d_4_l_0_k_4 discovery stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratv_1_d_4_l_0_k_4discoverystealertrojan

behavioral2

revengeratv_1_d_4_l_0_k_4discoverystealertrojan