revengerat | ed1dcba995ed1ca1102131986fa0ad453e2443e1beb614f243c7b420e1a8ab46 | Triage

Submit
Reports

Overview

overview

Static

static

e612faf3c6...18.exe

windows7-x64

e612faf3c6...18.exe

windows10-2004-x64

Sharing

General

Target

e612faf3c6e6b0fd54efde7cdd819750_JaffaCakes118
Size

21KB
Sample

240917-ffa2navhpm
MD5

e612faf3c6e6b0fd54efde7cdd819750
SHA1

ce59575a14908d3ae8059ea2f116085102d941c5
SHA256

ed1dcba995ed1ca1102131986fa0ad453e2443e1beb614f243c7b420e1a8ab46
SHA512

0aca9d1c79b8387a22fbca20163131e7c4d8624422cf1a9305652a43ab630c7de2810bbd94b77dff86713f7d68c23c9ad91c5ca96d17398cfb11d45e345bf102
SSDEEP

384:px4X0KIjvzobOBCVVuzmVsbYpHsoygDY:D4X2wbICz/3TDY

Score

10^/10

revengerat g1 discovery stealer trojan

Static task

static1

stealer g1 revengerat

3 signatures

Behavioral task

behavioral1

Sample

e612faf3c6e6b0fd54efde7cdd819750_JaffaCakes118.exe

Resource

win7-20240903-en

revengerat g1 discovery stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e612faf3c6e6b0fd54efde7cdd819750_JaffaCakes118.exe

Resource

win10v2004-20240802-en

revengerat g1 discovery stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

G1

C2

185.84.181.90:1175

Mutex

RV_MUTEX-KawrHJfWfhaRC

Targets

- Target
  
  e612faf3c6e6b0fd54efde7cdd819750_JaffaCakes118
- Size
  
  21KB
- MD5
  
  e612faf3c6e6b0fd54efde7cdd819750
- SHA1
  
  ce59575a14908d3ae8059ea2f116085102d941c5
- SHA256
  
  ed1dcba995ed1ca1102131986fa0ad453e2443e1beb614f243c7b420e1a8ab46
- SHA512
  
  0aca9d1c79b8387a22fbca20163131e7c4d8624422cf1a9305652a43ab630c7de2810bbd94b77dff86713f7d68c23c9ad91c5ca96d17398cfb11d45e345bf102
- SSDEEP
  
  384:px4X0KIjvzobOBCVVuzmVsbYpHsoygDY:D4X2wbICz/3TDY
Score

10^/10

revengerat g1 discovery stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerg1revengerat

behavioral1

revengeratg1discoverystealertrojan

behavioral2

revengeratg1discoverystealertrojan

© 2018-2024

Terms | Privacy