revengerat | 2821a5445ed9bf510e13a71247a8bca772745c196a9002b30bf93b3bfa877ffa | Triage

Submit
Reports

Overview

overview

Static

static

eb02276f5d...18.exe

windows7-x64

8

eb02276f5d...18.exe

windows10-2004-x64

8

Sharing

General

Target

eb02276f5d3511db2aaffbff160f215b_JaffaCakes118
Size

264KB
Sample

240919-k4y6ls1err
MD5

eb02276f5d3511db2aaffbff160f215b
SHA1

7fcfb36821b1a730e32ec96effd029f5441a4444
SHA256

2821a5445ed9bf510e13a71247a8bca772745c196a9002b30bf93b3bfa877ffa
SHA512

7a2c643b7c6a8da2d6df22583bf81e30aa355bd763d3f388d4e175b34b85fca275713ba3cbddd9bc52fc3cddc12047a8180df9d1ca360d33f67b871d591ed59d
SSDEEP

3072:SfZDZxpT4mgvUCdjtj5Tbd6mF0yQBVdJxPUocNxLFJs7P:Sf/YnZf6BD3so3P

Score

10^/10

revengerat discovery evasion persistence stealer

Static task

static1

stealer revengerat

3 signatures

Behavioral task

behavioral1

Sample

eb02276f5d3511db2aaffbff160f215b_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb02276f5d3511db2aaffbff160f215b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb02276f5d3511db2aaffbff160f215b_JaffaCakes118
- Size
  
  264KB
- MD5
  
  eb02276f5d3511db2aaffbff160f215b
- SHA1
  
  7fcfb36821b1a730e32ec96effd029f5441a4444
- SHA256
  
  2821a5445ed9bf510e13a71247a8bca772745c196a9002b30bf93b3bfa877ffa
- SHA512
  
  7a2c643b7c6a8da2d6df22583bf81e30aa355bd763d3f388d4e175b34b85fca275713ba3cbddd9bc52fc3cddc12047a8180df9d1ca360d33f67b871d591ed59d
- SSDEEP
  
  3072:SfZDZxpT4mgvUCdjtj5Tbd6mF0yQBVdJxPUocNxLFJs7P:Sf/YnZf6BD3so3P
Score

8^/10

discovery evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

© 2018-2024

Terms | Privacy