revengerat | 0fb3580100336efca6c544a8c1d06591e8a579dce56dab29ffec305d3604abae | Triage

Sharing

General

Target

Client.exe
Size

23KB
Sample

240913-x2wnxstgll
MD5

12127e146732656cfc4877ad45d22ed4
SHA1

73e3b4c65b813dea1bca2a269e85740105c53718
SHA256

0fb3580100336efca6c544a8c1d06591e8a579dce56dab29ffec305d3604abae
SHA512

5ff955385a1de1add44eb4cc597b5c78db757c46a706d543c83fc53de5d39fa4935cd4fd5b9d382117c7886f02452ba8e40d47ec97d2cc766b499281ce467ff8
SSDEEP

384:eb+cnNz7glTgMnmrBcNFEhmisbYpPyzAVFCzYcHe+Z:ebtlcjsCAV8zYcHe+Z

Score

10^/10

revengerat guest discovery persistence stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

127.0.0.1:333

Mutex

RV_MUTEX

Targets

- Target
  
  Client.exe
- Size
  
  23KB
- MD5
  
  12127e146732656cfc4877ad45d22ed4
- SHA1
  
  73e3b4c65b813dea1bca2a269e85740105c53718
- SHA256
  
  0fb3580100336efca6c544a8c1d06591e8a579dce56dab29ffec305d3604abae
- SHA512
  
  5ff955385a1de1add44eb4cc597b5c78db757c46a706d543c83fc53de5d39fa4935cd4fd5b9d382117c7886f02452ba8e40d47ec97d2cc766b499281ce467ff8
- SSDEEP
  
  384:eb+cnNz7glTgMnmrBcNFEhmisbYpPyzAVFCzYcHe+Z:ebtlcjsCAV8zYcHe+Z
Score

10^/10

revengerat guest discovery persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratguestdiscoverypersistencestealertrojan