revengerat | 59af63a2492f69fde69c4cbe15622e422c9d46b517e08a363aa37f0a15e2bf0f | Triage

Sharing

General

Target

TriaSO2.7.3-STANDARD-Win7_winServer2008_R2_and_newers.zip
Size

5.3MB
Sample

241107-xczz2sxcnf
MD5

be8ae20a271f60f16978892e1f4e2846
SHA1

37844033232b779b7666103c8ecb4653a21b7794
SHA256

59af63a2492f69fde69c4cbe15622e422c9d46b517e08a363aa37f0a15e2bf0f
SHA512

584867e9d4076f8cfebadeea445926fba0ff11cfc0adbf17ba4a2b285fbdd6906d13d21ca0eb1bee0b1360baea936026a3c8d8d30e995877b5225d393db26e59
SSDEEP

98304:AkA5yeZezj1RZPcEy3xZqWQDBEWsUSl3IURLbdwz/qM71oqvVQwE/ANLKC:Akt1RV11RdxuI+LbdwrfvFwC

Score

10^/10

revengerat discovery stealer trojan upx

Malware Config

Targets

- Target
  
  Application Files/Tria Sistema Operatiu_2_7_3_0/Tria Sistema Operatiu.exe
- Size
  
  1.2MB
- MD5
  
  2817510471e8373c3e1fd06818ee25c0
- SHA1
  
  c4fe0a8a22c52bb94079649baaf488fc062320d5
- SHA256
  
  abd62567e6f93dc87565879152f407c6dff81ff735f5aa23c9abdd54d08da8e7
- SHA512
  
  73cdd4b1af676614d24b47ec2ed6757cb1eb83b804e4740464f1581028451b9dc989c04a52d5fba97453a54075e4357b5b90d90dc60dff003bc099ac7979632d
- SSDEEP
  
  12288:z+CpF/z8GGzN0kqyB19aTRErxjqZgIJBt7usqOvOQqCJyADHyFSIBs/Mq3SdKWUd:z+LX
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  install-Tria-S.O.2.7.3-Win7_WinServer2008_R2_and_newers.bat
- Size
  
  1KB
- MD5
  
  ad3cb27366ebf30476d1be13cfb5d4d1
- SHA1
  
  5f4878822be96e3e85809c1b14ecc9573b8ec6d1
- SHA256
  
  ae77da3087cdbf5815ce95efa8e4c8d25ee0d1867f8730931b226be517b9e513
- SHA512
  
  4905794d54991b8c5eff569d7ef15de7c863e78ef03717e2c695add14f76ca9f2f2da31af130bfaf7947d16345741cb8994fbf9559bcbc0bd945cf61ba0ce773
Score

1^/10
behavioral3 behavioral4
- Target
  
  setup.exe
- Size
  
  646KB
- MD5
  
  16b65da3e4b40c5d13c7c682deea2db1
- SHA1
  
  656bc78fbba8606afcad2dc38b7fa69d59f7a85a
- SHA256
  
  3be9008d57075c94568bf85423b88b071e6bd2eaeb85399d9bae516d1a8c62f2
- SHA512
  
  d0425c0d00e720d63be4136b6139a108ff6b23bbb3136d472e3d9e3a4c06083ba98ec246645c5a3e32b89910dc161883320d3afca7a4c33c6902fbeb1f9f1839
- SSDEEP
  
  12288:lJxJDu5hJdbv+BygQZ2eHF04+KMoeMb01JQntLOCC6+V:zzu5hJdbHZ2eXpemC6+
Score

10^/10

discovery revengerat stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
behavioral5 behavioral6
- Target
  
  unetbootin-windows-702.exe
- Size
  
  4.6MB
- MD5
  
  ac970460e91a32a128c813f9226abe79
- SHA1
  
  de3dce853c08b385d43822aaafc55d1e19f6055f
- SHA256
  
  65ba5ff090be1cc96dec40509c9002582f4663634cb63b311941321907701483
- SHA512
  
  e7ac99d720c336f6afc0839b1fdfe58a1b26d1243bb3f8511871c51f89a6ff23a15c7fd94d77fd7f4e0952a300a27ed63c141156c8dbf397ebef5de5601795f0
- SSDEEP
  
  98304:c5j1ftNc6uZxPyiQ7BesOAIl9mUfn9HKzbg0bboER7QuK/4NLE:K1fDtrN1xcmSn9HK/nRbq
Score

6^/10

discovery upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerupxrevengerat

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

revengeratdiscoverystealertrojan

behavioral7

behavioral8