revengerat | b22e580a067fe58a29798c9e293f50c87371c401675d4b1546c4475a87235dff | Triage

Sharing

General

Target

412f7ee013632fe0ad4eff568db0d94f_JaffaCakes118
Size

497KB
Sample

241013-v6jh2stcpm
MD5

412f7ee013632fe0ad4eff568db0d94f
SHA1

0f19b613d9c2c0fde7a361ad482f731d40a869f0
SHA256

b22e580a067fe58a29798c9e293f50c87371c401675d4b1546c4475a87235dff
SHA512

3bbc8c17d6dc1f95e29423a5864322cee02669d8ea2100c885c6287b971a829f1ff11c725568447bc050e684dd28417a3a9acc2d7647e7902aead2a7d109d201
SSDEEP

12288:Z9f5EvvxWEVj1Nsw+seJF3upKzp93OOak4wcrsPgCnt:ZnExWujHsw+seJF3upOphOfVrIIC

Score

10^/10

revengerat discovery evasion stealer

Malware Config

Targets

- Target
  
  412f7ee013632fe0ad4eff568db0d94f_JaffaCakes118
- Size
  
  497KB
- MD5
  
  412f7ee013632fe0ad4eff568db0d94f
- SHA1
  
  0f19b613d9c2c0fde7a361ad482f731d40a869f0
- SHA256
  
  b22e580a067fe58a29798c9e293f50c87371c401675d4b1546c4475a87235dff
- SHA512
  
  3bbc8c17d6dc1f95e29423a5864322cee02669d8ea2100c885c6287b971a829f1ff11c725568447bc050e684dd28417a3a9acc2d7647e7902aead2a7d109d201
- SSDEEP
  
  12288:Z9f5EvvxWEVj1Nsw+seJF3upKzp93OOak4wcrsPgCnt:ZnExWujHsw+seJF3upOphOfVrIIC
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

discoveryevasion

behavioral2

discoveryevasion