revengerat | a621f7d758f70c986ebc40d2e9ad89187a4659f1e26ae33af6b19557c0074038 | Triage

Submit
Reports

Overview

overview

Static

static

Client‮4PM..exe

windows7-x64

Client‮4PM..exe

windows10-2004-x64

Sharing

General

Target

Client‮4PM..exe
Size

467KB
Sample

240913-1ke7dszgqk
MD5

b46e938e455f07908b277bacaf40c1b8
SHA1

10b0d817957340cf35df3b20a37a14ec12ccf34a
SHA256

a621f7d758f70c986ebc40d2e9ad89187a4659f1e26ae33af6b19557c0074038
SHA512

965da90a55b382b78e385e20f1714541ac64b2c9e62605cf0b14513d21a5e181b6def0e9df04f74cb55759b070a399c5593142476da15358cdf022d1b00eb8c7
SSDEEP

3072:md3MwOibhTsNElLD5CbwDa9SY4AwZB7uy6W:md3BhTsNElLDzD+7PwTam

Score

10^/10

revengerat guest discovery stealer trojan

Static task

static1

stealer guest revengerat

3 signatures

Behavioral task

behavioral1

Sample

Client‮4PM..exe

Resource

win7-20240903-en

revengerat guest discovery stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client‮4PM..exe

Resource

win10v2004-20240802-en

revengerat guest discovery trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

127.0.0.1:333

Mutex

RV_MUTEX

Targets

- Target
  
  Client‮4PM..exe
- Size
  
  467KB
- MD5
  
  b46e938e455f07908b277bacaf40c1b8
- SHA1
  
  10b0d817957340cf35df3b20a37a14ec12ccf34a
- SHA256
  
  a621f7d758f70c986ebc40d2e9ad89187a4659f1e26ae33af6b19557c0074038
- SHA512
  
  965da90a55b382b78e385e20f1714541ac64b2c9e62605cf0b14513d21a5e181b6def0e9df04f74cb55759b070a399c5593142476da15358cdf022d1b00eb8c7
- SSDEEP
  
  3072:md3MwOibhTsNElLD5CbwDa9SY4AwZB7uy6W:md3BhTsNElLDzD+7PwTam
Score

10^/10

revengerat guest discovery stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratguestdiscoverystealertrojan

behavioral2

revengeratguestdiscoverytrojan

© 2018-2024

Terms | Privacy