revengerat | 867d4ec9caf05b90f7baa231b19c8db9392e45ad957cd9d1c10a5113e579b2e1 | Triage

Submit
Reports

Overview

overview

Static

static

5

db68ffa236...4b.exe

windows7-x64

db68ffa236...4b.exe

windows10-2004-x64

Sharing

General

Target

867d4ec9caf05b90f7baa231b19c8db9392e45ad957cd9d1c10a5113e579b2e1
Size

527KB
Sample

240902-d7pm1s1gqh
MD5

b3cf08918b6b3809053149557dfcc876
SHA1

fd5411a1e7c9a42ba757ed0637cde15bac6f6f17
SHA256

867d4ec9caf05b90f7baa231b19c8db9392e45ad957cd9d1c10a5113e579b2e1
SHA512

c5975d508edae31200d39508293d5c03c1cd0839793bd3a3588b3a174a2d2ef0e621da97ec151dc719c25ab6249b471f9383995525463e56aad518ef2c461c4f
SSDEEP

12288:u0927LBx2fA7WjU2572fH+XJYdcKVfraXjzi:tSnGA7UUk72fMKDGXjzi

Score

10^/10

revengerat guest discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

db68ffa236dd34fb3c092e3b76b511bc16bbc0451c23a4e0a2083b6e744a5f4b.exe

Resource

win7-20240729-en

revengerat guest discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

db68ffa236dd34fb3c092e3b76b511bc16bbc0451c23a4e0a2083b6e744a5f4b.exe

Resource

win10v2004-20240802-en

revengerat guest discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

ournewcompany2.hopto.org:333

Mutex

RV_MUTEX

Targets

- Target
  
  db68ffa236dd34fb3c092e3b76b511bc16bbc0451c23a4e0a2083b6e744a5f4b
- Size
  
  944KB
- MD5
  
  84a4cb98d7bce223019fe142191dc5af
- SHA1
  
  63386615792f409bf3cbcc78c2a53ae1438bc5ea
- SHA256
  
  db68ffa236dd34fb3c092e3b76b511bc16bbc0451c23a4e0a2083b6e744a5f4b
- SHA512
  
  1f7b06b720d424782bc31f554e33a6b80f9451076047540bc6744aa2a802824a9c73577f748f6d808195ddaa3354022d8e7ad61b814bd859036ce1944d2d1b32
- SSDEEP
  
  12288:gCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaH7nhEJes3P:gCdxte/80jYLT3U1jfsWabncesOCKlQ
Score

10^/10

revengerat guest discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratguestdiscoverytrojan

behavioral2

revengeratguestdiscoverytrojan

© 2018-2024

Terms | Privacy