revengerat | 2af5fc505458297afd7d8dd4611c03e791b26ba2772517a796431c2d868e3eee | Triage

Sharing

General

Target

937d529200eb2649e1439ddd2171d4f5_JaffaCakes118
Size

63KB
Sample

240813-rv9djsyenb
MD5

937d529200eb2649e1439ddd2171d4f5
SHA1

a551b43234854d879d8cdd7f0e8696d55d32b7d9
SHA256

2af5fc505458297afd7d8dd4611c03e791b26ba2772517a796431c2d868e3eee
SHA512

4b158daa7153597661a25a4f3ad346dbd462bc9496fe6bf9eb3911cf670ba572b9e1ef3166998a2e20b5c9257caa6f57ed683a3ae307c80c8a931240f3c60e1e
SSDEEP

768:WkIsGuotaVrL6l4ubFzsjhcv+cerumYeamq19zPN4QVmDVyR8XJBrUIz2T6:qwoTfKFw+hJYeaVbCQVmDVvDwIL

Score

10^/10

revengerat discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  937d529200eb2649e1439ddd2171d4f5_JaffaCakes118
- Size
  
  63KB
- MD5
  
  937d529200eb2649e1439ddd2171d4f5
- SHA1
  
  a551b43234854d879d8cdd7f0e8696d55d32b7d9
- SHA256
  
  2af5fc505458297afd7d8dd4611c03e791b26ba2772517a796431c2d868e3eee
- SHA512
  
  4b158daa7153597661a25a4f3ad346dbd462bc9496fe6bf9eb3911cf670ba572b9e1ef3166998a2e20b5c9257caa6f57ed683a3ae307c80c8a931240f3c60e1e
- SSDEEP
  
  768:WkIsGuotaVrL6l4ubFzsjhcv+cerumYeamq19zPN4QVmDVyR8XJBrUIz2T6:qwoTfKFw+hJYeaVbCQVmDVvDwIL
Score

10^/10

revengerat discovery execution persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratdiscoveryexecutionpersistencestealertrojan

behavioral2

revengeratdiscoveryexecutionpersistencestealertrojan