revengerat | a315a5023f879208dca5f5f5486c8bfc23ed13e18bac83cef13579a123532dce | Triage

Submit
Reports

Overview

overview

Static

static

1

setup_nt.exe

windows10-1703-x64

Sharing

General

Target

setup_nt.exe
Size

78.3MB
Sample

240919-ayr51a1hmm
MD5

53d9920e0bc746101dda3d70e1b7b3d1
SHA1

a2c8ca9bdd1398cd0b08dd4824fb8714acf3c072
SHA256

a315a5023f879208dca5f5f5486c8bfc23ed13e18bac83cef13579a123532dce
SHA512

660951b3bcfde545d4eff4da63eeb0d4201a9167dd954cf1ce42eb351d15d3ff21baba914254c1096488e34b57999008c23588227b840d3979608faf07aaebc6
SSDEEP

1572864:/WIPn5UPrh+YnUaMRAMShUDuO69p2Xzixl3cgD5LJIqi9pV:Dn5UThvnHMRAjyDur9pcUoqYpV

Score

10^/10

revengerat discovery persistence privilege_escalation stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

setup_nt.exe

Resource

win10-20240404-en

revengerat discovery persistence privilege_escalation stealer trojan

windows10-1703-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  setup_nt.exe
- Size
  
  78.3MB
- MD5
  
  53d9920e0bc746101dda3d70e1b7b3d1
- SHA1
  
  a2c8ca9bdd1398cd0b08dd4824fb8714acf3c072
- SHA256
  
  a315a5023f879208dca5f5f5486c8bfc23ed13e18bac83cef13579a123532dce
- SHA512
  
  660951b3bcfde545d4eff4da63eeb0d4201a9167dd954cf1ce42eb351d15d3ff21baba914254c1096488e34b57999008c23588227b840d3979608faf07aaebc6
- SSDEEP
  
  1572864:/WIPn5UPrh+YnUaMRAMShUDuO69p2Xzixl3cgD5LJIqi9pV:Dn5UThvnHMRAjyDur9pcUoqYpV
Score

10^/10

revengerat discovery persistence privilege_escalation stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratdiscoverypersistenceprivilege_escalationstealertrojan

© 2018-2024

Terms | Privacy