revengerat | ddeed3d9b0b118f2b7220f89432707a34fd184f47d5d32bde3fb61ea2f41fbf9 | Triage

Submit
Reports

Overview

overview

Static

static

c70361c5f5...18.exe

windows7-x64

8

c70361c5f5...18.exe

windows10-2004-x64

8

Sharing

General

Target

c70361c5f5187d013805c57b1667e9c5_JaffaCakes118
Size

708KB
Sample

240828-rjqgastarm
MD5

c70361c5f5187d013805c57b1667e9c5
SHA1

e62bec87f0f05de22b086ed7c1fb3b9fde295e70
SHA256

ddeed3d9b0b118f2b7220f89432707a34fd184f47d5d32bde3fb61ea2f41fbf9
SHA512

a4a5e9fa98cae93b3d12d419ef0423794871bd4c6e120b2a079d2605bed7ebd084d3160aaa00896b03b0e837e89695a5cd08823538842799ab61fa5ff358cb27
SSDEEP

12288:muQ92irZpj84UKbxX5EBuvbVwwEKar4nrWQgr/0pZ12Xx:mciTj84fp6uvbVwwEbYrWnYpq

Score

10^/10

revengerat discovery evasion stealer

Static task

static1

stealer revengerat

3 signatures

Behavioral task

behavioral1

Sample

c70361c5f5187d013805c57b1667e9c5_JaffaCakes118.exe

Resource

win7-20240705-en

discovery evasion

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c70361c5f5187d013805c57b1667e9c5_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  c70361c5f5187d013805c57b1667e9c5_JaffaCakes118
- Size
  
  708KB
- MD5
  
  c70361c5f5187d013805c57b1667e9c5
- SHA1
  
  e62bec87f0f05de22b086ed7c1fb3b9fde295e70
- SHA256
  
  ddeed3d9b0b118f2b7220f89432707a34fd184f47d5d32bde3fb61ea2f41fbf9
- SHA512
  
  a4a5e9fa98cae93b3d12d419ef0423794871bd4c6e120b2a079d2605bed7ebd084d3160aaa00896b03b0e837e89695a5cd08823538842799ab61fa5ff358cb27
- SSDEEP
  
  12288:muQ92irZpj84UKbxX5EBuvbVwwEKar4nrWQgr/0pZ12Xx:mciTj84fp6uvbVwwEbYrWnYpq
Score

8^/10

discovery evasion
- Disables RegEdit via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

discoveryevasion

behavioral2

discoveryevasion

© 2018-2024

Terms | Privacy