revengerat | db65280d39d7bec4b985279f393746e63b1298459d72012e63e94947b49e516d | Triage

Sharing

General

Target

d70017e8f5ddabf929afb1d001630387_JaffaCakes118
Size

17KB
Sample

240909-ypeqbaxbnk
MD5

d70017e8f5ddabf929afb1d001630387
SHA1

e011f34109a0185fd5bb59fde048d1bf7034da47
SHA256

db65280d39d7bec4b985279f393746e63b1298459d72012e63e94947b49e516d
SHA512

3cba6acb676ba10842d2525dc22b3c803896628982d238934796a4ff85c277cec2f8a42a6e670932749110d1f445f7e7fcc3235f80f313b6b189cbb0b22ff60f
SSDEEP

384:fsTbhGnq1JXsoEIPJvnbisVKwMy+Lu2s2:fsTb+a5kIRmza2

Score

10^/10

revengerat godsplan persistence stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

GodsPlan

C2

127.0.0.1:333

127.0.0.1:4040

69.87.219.76:333

69.87.219.76:4040

Mutex

RV_MUTEX

Targets

- Target
  
  d70017e8f5ddabf929afb1d001630387_JaffaCakes118
- Size
  
  17KB
- MD5
  
  d70017e8f5ddabf929afb1d001630387
- SHA1
  
  e011f34109a0185fd5bb59fde048d1bf7034da47
- SHA256
  
  db65280d39d7bec4b985279f393746e63b1298459d72012e63e94947b49e516d
- SHA512
  
  3cba6acb676ba10842d2525dc22b3c803896628982d238934796a4ff85c277cec2f8a42a6e670932749110d1f445f7e7fcc3235f80f313b6b189cbb0b22ff60f
- SSDEEP
  
  384:fsTbhGnq1JXsoEIPJvnbisVKwMy+Lu2s2:fsTb+a5kIRmza2
Score

10^/10

revengerat godsplan persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealergodsplanrevengerat

behavioral1

revengeratgodsplanpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan