revengerat | 9460fbb2e3a8940e9ad54f834056f124b932cb00421da8eacc04ed01e4a53b59 | Triage

Sharing

General

Target

9460fbb2e3a8940e9ad54f834056f124b932cb00421da8eacc04ed01e4a53b59.exe
Size

387KB
Sample

241122-yy81hstpel
MD5

3aa997bbaac4a941597757819b61c68f
SHA1

bacccc51da8c6338db05cf33d823c3e8a6e67344
SHA256

9460fbb2e3a8940e9ad54f834056f124b932cb00421da8eacc04ed01e4a53b59
SHA512

0e52bf02825598d444c49e4286f5f4e398fb1bff2e34e60200ba7446cee99849f9c9a4f6c9e0f7a3f19c5338b4ea68d133caffe20ebb24f5bf45641176699f9f
SSDEEP

6144:kYESD6lunpseAVoSb8UxeG+otZZnvBCrXJM2+L:kYESDF6VoSd1zZ9BO+nL

Score

10^/10

revengerat limerevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

LimeRevenge

Mutex

29a-8fa6-0ac610b243aa

Targets

- Target
  
  9460fbb2e3a8940e9ad54f834056f124b932cb00421da8eacc04ed01e4a53b59.exe
- Size
  
  387KB
- MD5
  
  3aa997bbaac4a941597757819b61c68f
- SHA1
  
  bacccc51da8c6338db05cf33d823c3e8a6e67344
- SHA256
  
  9460fbb2e3a8940e9ad54f834056f124b932cb00421da8eacc04ed01e4a53b59
- SHA512
  
  0e52bf02825598d444c49e4286f5f4e398fb1bff2e34e60200ba7446cee99849f9c9a4f6c9e0f7a3f19c5338b4ea68d133caffe20ebb24f5bf45641176699f9f
- SSDEEP
  
  6144:kYESD6lunpseAVoSb8UxeG+otZZnvBCrXJM2+L:kYESDF6VoSd1zZ9BO+nL
Score

10^/10

revengerat limerevenge trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratlimerevengetrojan

behavioral2

revengeratlimerevengetrojan