revengerat | 751ab6c224bfc8714a9f5704dbbf69936864907d73bb26ad62e452d17451cb74 | Triage

Sharing

General

Target

Revenge-RATv0.32.zip
Size

14.4MB
Sample

240927-x1bmcsvepp
MD5

1a3126dd39360ad9288b4257ca479a05
SHA1

f55e35dc78e9812b085b95d35c2c7c274b41ce8e
SHA256

751ab6c224bfc8714a9f5704dbbf69936864907d73bb26ad62e452d17451cb74
SHA512

dd6fbb7725441cd0639739eefbc3f7cb06b6d40287cd53d05e20da25086e5f3263e40015e90a6c920fdf0f4a9c4ada8f237231ef2a0170d254dcb3e6a4e6e507
SSDEEP

393216:ErrXrrjnSRIerLSVs6uD4FFlW5Z3K+N0ghpkbj24kEM:ErjrXte6wDEl43K+Nrhpkf5K

Score

10^/10

revengerat guest discovery stealer upx

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

127.0.0.1:333

Mutex

RV_MUTEX

Targets

- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/AForge.Video.DirectShow.dll
- Size
  
  35KB
- MD5
  
  2343899ea6b3dff06a6db2f0fbd86406
- SHA1
  
  9a578eb8fc1d0b9d12adc6a0fcc39ee822c5fd0c
- SHA256
  
  643a7f9754d90d475db3f84af7b254a64dd555ced0f039aaa4f08b5b27ab4fdb
- SHA512
  
  0ed7f9d8630dd9e946b9d3c22eaa84bcfbdfc8c8f2dccc877f47a176789ce70118f670ee23d820c6a42a2b4099b9088aaae1da8a957bded12224632440bda5c6
- SSDEEP
  
  768:0/Xil9fEWM0yVnO9Y5UTOSsxrC2dkbpN+2MvkYr:0gM0G5UTOtubpN+9MYr
Score

1^/10
behavioral1 behavioral2
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/AForge.Video.dll
- Size
  
  16KB
- MD5
  
  a614d58e17ba34826b59c4942c32f078
- SHA1
  
  c16382c25de65a9ed84b0f87288e473e62ade7da
- SHA256
  
  311724ff73b331cd6de0649b01923f7e43d168aa5b1e7f031b2b175148062757
- SHA512
  
  dec8564442dbba55f60bc74127c4118347b014ecc776f54c257d0e1e5cd3b80df635003da91cb906671ad3912d44de64548f62dc29ca3dd6de8d73ec1a1cbad9
- SSDEEP
  
  384:FgTJd+C0VUZpdoXAlFMJtirnLiDl1B9yf0G:yqalLiTB9y8G
Score

1^/10
behavioral3 behavioral4
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Client.exe
- Size
  
  16KB
- MD5
  
  010aabdc4dc52b82d3c6945aaefd22ec
- SHA1
  
  8f50c8e53c7da15308b57b399c22ab7b97333f5a
- SHA256
  
  0b3472c651db8cc9991a92097c22dc4cab8467aff96591f76fb89bc3af8eadaa
- SHA512
  
  609b0a617e4d6a168497b6aa8173b43690f57aefcf48eb3ce06540e7b9cde10b9e741c5d7b9eef936ab3d7857d155189902d0ab7b89784f0b61b74c10196bc0d
- SSDEEP
  
  384:X/5gk7lVzF3smf9oDPlMNcLlb5sVKhyLF5Ct:X/5gk7lVZjclMNEio
Score

1^/10
behavioral5 behavioral6
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/AHK/Ahk2Exe.exe
- Size
  
  339KB
- MD5
  
  d717d5943bdca2758360e4fa3b008a49
- SHA1
  
  3066109dbebd2ddd2ce658ca07e88062bc2ff679
- SHA256
  
  e2a00647b5fa56b077d3d07b1c05e3b76b7269e07fc3ea84750eb03ad71024de
- SHA512
  
  3cb028a6ede052842026a278e4cd67682b80cd45945612a07204841e68a09e6fed64de45f984316d6c8de2a44a7d99236339801ae9c4db2f1524f67f659edfeb
- SSDEEP
  
  6144:Pbbs8miuWxBn061wjr36UIU+yoTiKVpwCbC/ry7YOTD03AKDGb9V/:TgrTMn061M36RUOTvpwpNO/0dDGH
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/AHK/AutoHotkeySC.bin
- Size
  
  802KB
- MD5
  
  b86564d0eb29a5faab9e8daacf269df4
- SHA1
  
  c5e80905834d48ea1750b2ff4e2fa1b354adb9df
- SHA256
  
  2514235c34d17fdb4a8448bd088d89f631f5d70f12f5f7d5ee552144a345ed2d
- SHA512
  
  6fb1f669290d752d3cc4c96917969e0c958ca1643fff5ccbb8e2a6d5d8b6c011dcc782c5795cde2b0c83b65176e33dfb6cac98ce2a6cfb848888187c5a51955a
- SSDEEP
  
  24576:oNR2zaQBt37/CZ0w1PeWnzqhqCC6+PEy:dUsrC6aE
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/AHK/Unicode 32-bit.bin
- Size
  
  802KB
- MD5
  
  b86564d0eb29a5faab9e8daacf269df4
- SHA1
  
  c5e80905834d48ea1750b2ff4e2fa1b354adb9df
- SHA256
  
  2514235c34d17fdb4a8448bd088d89f631f5d70f12f5f7d5ee552144a345ed2d
- SHA512
  
  6fb1f669290d752d3cc4c96917969e0c958ca1643fff5ccbb8e2a6d5d8b6c011dcc782c5795cde2b0c83b65176e33dfb6cac98ce2a6cfb848888187c5a51955a
- SSDEEP
  
  24576:oNR2zaQBt37/CZ0w1PeWnzqhqCC6+PEy:dUsrC6aE
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/Aut2Exe/Aut2exe.exe
- Size
  
  1.3MB
- MD5
  
  d28806a3244af288a2e569e36df136c4
- SHA1
  
  373816d4cc8fa8dc5973580aaa8fa9332e089b25
- SHA256
  
  89afe97dd27c3cadb96481dd38a1352bf6b98fa0206dd2d856728a47dc06f3ba
- SHA512
  
  59f5bc741ea2aa06ab4e23bf6b722201239c4fce094445f6a98bc5789abb121fe769747c34c105fa6bf38622c31c0a63802c278e5009859003c37c8190081d1c
- SSDEEP
  
  24576:PmTiPaj09O2jInFqpL6LqQOn6hyXEkImN5zVv3J4bD71Q51q:+4q2jqcpGen6e9zVvZUDZb
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/Aut2Exe/Aut2exe_x64.exe
- Size
  
  1.4MB
- MD5
  
  cecb773c5b0e15b8d1c02840fd118f38
- SHA1
  
  217985ad1cdb4845c69c383695cdeb2645153cfd
- SHA256
  
  7261bd93161cfe191e354152d489c3721e41d84a87d6c1af7eaa4dc0c75ab3ff
- SHA512
  
  561e5ddb4aee39cad22fc685c1cd4cce070a88570b521e4dddf392cdab489aa549a6f7957ac222fe1317f985bdcc0b8839e7610b5447418e44a3b3410f9dfe89
- SSDEEP
  
  24576:QuvoBBCnx+6TiPaj09O2jInFqpL6LqQOn6hyXEkImN5zVv3J4bD71Q51a:b4uxt4q2jqcpGen6e9zVvZUDZH
Score

1^/10
behavioral15 behavioral16
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/Aut2Exe/upx.exe
- Size
  
  298KB
- MD5
  
  e9eacbb7ab4b3f66019e0a2f13a1dba9
- SHA1
  
  ae30894b29e52bf04afc4a54795d438fb910acff
- SHA256
  
  0c3dc789d0a46493bd097526b920d913d930d96b1052cb331eec3ac560c89996
- SHA512
  
  925445d20c93c65a282fc59f773551d824bff1f8e2623fd8ea0c587831a9550c400f121defb3d82c8f0401903fa69e3154dc98e29688d02af1d5d01247914a06
- SSDEEP
  
  6144:vZCWmlys014OqpXDXz7yIrozs0WuNd3ojusBdgnNW6r4F53ttuGENGFdVCLEYnPQ:hCWV7q9zGImAjJdcH4j3ttzFdVCLNSf5
Score

5^/10

upx discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/GoRC.exe
- Size
  
  54KB
- MD5
  
  d708cdcf904424e5ccfe7583ee1c7567
- SHA1
  
  8e47e3f58b42d400d347686f96fadbeca8f08416
- SHA256
  
  00e5dee46223200a6ec5fe8cb742dfa3dbcab1738233944c7fc8b66fc56e10e1
- SHA512
  
  b6e6fd7266729ce08d7618b1ae5ec231745a188da6c0c8837bfc464c642a36f1603911dd0ccf19f27ca004af2d7c58975f9424472841b165edeab1d0850c311d
- SSDEEP
  
  1536:hur3UYiUysl3B0ycb52RH78PMnwdY09RV:grEGqyqsFUXiY7
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/Resource Hacker.exe
- Size
  
  4.1MB
- MD5
  
  c6391727ae405fb9812a8ad2a7729402
- SHA1
  
  83693dc297392c6a28f7f16d23414c6d62921711
- SHA256
  
  d98fbfca17f194400d19111e4813340e6666b254b99f833739b661a4d2d0217c
- SHA512
  
  7a4e2ff93d853415d433f5e90b36959c78b77590aa1fa00753831eb4d01cb1a972bb9e39eb8dee5b216005e7709eacda51c0c410aacfe37fcdb163603fd36570
- SSDEEP
  
  49152:CVQvQX7tXewSaMd3U32VYBZH9p8djP1S2RsT//mQHtbNqS0:CV2QpEBjPpRctHtbNq
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/dotNET_Reactor.exe
- Size
  
  5.9MB
- MD5
  
  a7d69d6ddbe2586d698ebdf7f49c1afa
- SHA1
  
  7b87de25c982d0cc42a1dde89790cd34acbcfd2e
- SHA256
  
  79f190a51af8a463f13ddd5a76947cf7ba2adfb8e231b37c5e0968602217a62b
- SHA512
  
  2d4fb34f83d9794c38ec39f12f78b8d7c5af331aea475eaecf589f95c9e1849196a8d5252a7f9beaa596bb34ddc0c94b76a6c9092dc0fb93ec6b0af9fb66226e
- SSDEEP
  
  49152:VXl2PFBegFNFLua2gBxnnim//7rF31inFhyNkLObEECwc0mjZ5tzCo3Eh5pfO+pD:VW5nnim//7uvwCt5tuo32v
Score

7^/10

discovery
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral23 behavioral24
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Extensions/mpress.exe
- Size
  
  101KB
- MD5
  
  8b632bfc3fe653a510cba277c2d699d1
- SHA1
  
  d6a57aa17e5eb51297def9bac04e574c1e36d9c7
- SHA256
  
  2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4
- SHA512
  
  b9ea70ed984d3b4a42eceb9f34f222b722c4c1985b79b368d769fe0fd1f19f037ffebe2cf938aa98ed450337836a7469d911848448d99223995f7fb3a9304587
- SSDEEP
  
  3072:S0+mlNniJkkKcfqBOb65VgB183gUGQ340HpL:SvmlNn4kkeOAVA1rUGh0Hp
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/FastColoredTextBox.dll
- Size
  
  331KB
- MD5
  
  7d315038da4cb77039dc315c64946e22
- SHA1
  
  c213bf396157ef97c23a751aebcabfb26f34b7d0
- SHA256
  
  777c68c5c47cf91e18583a0fa50b556b1551898a07097f296a0811943a493fa6
- SHA512
  
  794a8f00629f083edf3a7c20fb22fc29a13e1c6822bffcc0696918b7b999a53483d867ea6b7ee08352b4ddfc21c75f03a68a6b45ccab8c4b2ccf582383a6b87e
- SSDEEP
  
  6144:0IhBMO76XPxAn90aIqEokJEBNfxfXsrYGeBcHeDsGLPDJ:04cCNNGeMrkD
Score

1^/10
behavioral27 behavioral28
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/IconLib.dll
- Size
  
  59KB
- MD5
  
  45ecaf5e82da876240f9be946923406c
- SHA1
  
  0e79bfe8ecc9b0a22430d1c13c423fbf0ac2a61d
- SHA256
  
  087a0c5f789e964a2fbcb781015d3fc9d1757358bc63bb4e0b863b4dffdb6e4f
- SHA512
  
  6fd4a25051414b2d70569a82dff5522606bfc34d3eaeea54d2d924bc9c92e479c7fda178208026308a1bf9c90bee9dbcaf8716d85c2ab7f383b43b0734329bc8
- SSDEEP
  
  768:WhZeVOIr9zmWGODfqED8zOJI+IpXgJKCAyEpd+rnwTIQJAqLiA4B0FdIOFMBC3Wd:EP1m3KpOKSEp1TzCaFiPBhlg36eiikN
Score

1^/10
behavioral29 behavioral30
- Target
  
  Revenge-RAT v0.3/Revenge-RAT v0.3/Plugin Compiler.exe
- Size
  
  534KB
- MD5
  
  fb315d1ae339c9506033026e78500199
- SHA1
  
  97dc5017a8a796750567fcd7b5bfb4be2233a5ae
- SHA256
  
  2f4fd04bbf02ef75845bfb287e5abc4fb7ae9a81776142b573eadadbf28fbe81
- SHA512
  
  895fc9f3c10bcab8c30fd7773820130b7d8d7e2145226052fedbb210b564db39e9078666762836235a8c6c40c49a3bb2b41f49f7753c97c2f09370a0327e154c
- SSDEEP
  
  3072:L+xuB9c7YdbMKsPcomyThhKq1+oXL8/xeAdLdZPn9Cc:Sxu7c7YdbMKsPcomyThwq1+w1Yn/9
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerguestupxrevengerat

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32