revengerat | 69a7fd5ba6e543deeba3bc302c5cde78e0e089e95b28a86a46783d5db0f8c683 | Triage

Sharing

General

Target

cf63d0b15d5d11efe96b97b75ec9e767_JaffaCakes118
Size

1KB
Sample

240906-m17dxsshmg
MD5

cf63d0b15d5d11efe96b97b75ec9e767
SHA1

7bc07ee8846a857df1212d808c968a357104965c
SHA256

69a7fd5ba6e543deeba3bc302c5cde78e0e089e95b28a86a46783d5db0f8c683
SHA512

0f65c743989ce23c419865aec2bdb5ad23878015b9bca8fd140843bb3a77ea7f04652f7b105e758ee5a0b9f3a20743896af0c4ee3b65656df855056bad9efdc0

Score

10^/10

revengerat 442,discovery execution stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://bit.ly/2XDPsZ6

Extracted

Family

revengerat

Botnet

442,

C2

googleq.myq-see.com,googletest.linkpc.net:,

Mutex

,

Targets

- Target
  
  cf63d0b15d5d11efe96b97b75ec9e767_JaffaCakes118
- Size
  
  1KB
- MD5
  
  cf63d0b15d5d11efe96b97b75ec9e767
- SHA1
  
  7bc07ee8846a857df1212d808c968a357104965c
- SHA256
  
  69a7fd5ba6e543deeba3bc302c5cde78e0e089e95b28a86a46783d5db0f8c683
- SHA512
  
  0f65c743989ce23c419865aec2bdb5ad23878015b9bca8fd140843bb3a77ea7f04652f7b105e758ee5a0b9f3a20743896af0c4ee3b65656df855056bad9efdc0
Score

10^/10

discovery execution revengerat 442,stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

revengerat442,discoveryexecutionstealertrojan