revengerat | 9c9455bb62b59f362a8ddb9f80d5e1aa622345779ef58c1378ca3532c94f4da6 | Triage

Sharing

General

Target

9c9455bb62b59f362a8ddb9f80d5e1aa622345779ef58c1378ca3532c94f4da6.exe
Size

112KB
Sample

241123-1aa5paxmcw
MD5

a8543f858429c0655ea8478e41c7dd4b
SHA1

dde4d7a5429ef99a1ca9112236b1b036613ddf82
SHA256

9c9455bb62b59f362a8ddb9f80d5e1aa622345779ef58c1378ca3532c94f4da6
SHA512

1299598733899a14e64594f3c6911ac93572c5fe5894b304e753a4c2d20853623dcda8d8dee52d8647a7d1d0029d641d9c1dce032380da1396be6e62b9f246d7
SSDEEP

3072:pqXvnRs4fz6MGG3TI9ujfdMdTCC8OH9J71z7p4Yp5sbYS:p0nfzNTTfdMdTCC8OH9J71z7p4Y8bJ

Score

10^/10

revengerat discovery persistence stealer trojan

Malware Config

Targets

- Target
  
  9c9455bb62b59f362a8ddb9f80d5e1aa622345779ef58c1378ca3532c94f4da6.exe
- Size
  
  112KB
- MD5
  
  a8543f858429c0655ea8478e41c7dd4b
- SHA1
  
  dde4d7a5429ef99a1ca9112236b1b036613ddf82
- SHA256
  
  9c9455bb62b59f362a8ddb9f80d5e1aa622345779ef58c1378ca3532c94f4da6
- SHA512
  
  1299598733899a14e64594f3c6911ac93572c5fe5894b304e753a4c2d20853623dcda8d8dee52d8647a7d1d0029d641d9c1dce032380da1396be6e62b9f246d7
- SSDEEP
  
  3072:pqXvnRs4fz6MGG3TI9ujfdMdTCC8OH9J71z7p4Yp5sbYS:p0nfzNTTfdMdTCC8OH9J71z7p4Y8bJ
Score

10^/10

revengerat discovery persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratdiscoverypersistencestealertrojan

behavioral2

revengeratdiscoverypersistencestealertrojan