revengerat | dba8e948206d56025bdbf1471cf7a2defc33fbc2bbde0c5634361d661d67ab93 | Triage

Sharing

General

Target

dba8e948206d56025bdbf1471cf7a2defc33fbc2bbde0c5634361d661d67ab93N.exe
Size

2.1MB
Sample

241125-wqk8dayrgx
MD5

0083bb621656471496f60d1973318730
SHA1

2d0209b0f14a8279efd85589dfb33b9b31fab77e
SHA256

dba8e948206d56025bdbf1471cf7a2defc33fbc2bbde0c5634361d661d67ab93
SHA512

178833c13dee9466e2c8123280fb203c07b13831b1711d4687ce8495c28f1160c7a893c9a5d6a6874d6f44c1c21e5fb571221824248f13f9bfc3f08f61f3d28e
SSDEEP

49152:PhxkP/I9K3pr4ZCOz5xLmKot5C7UzaxVlHAlImt4+O5XK2v0uV+g:AoQ3V4IGxLmKK4PA6E1GXzM4

Score

10^/10

revengerat discovery stealer trojan

Malware Config

Targets

- Target
  
  dba8e948206d56025bdbf1471cf7a2defc33fbc2bbde0c5634361d661d67ab93N.exe
- Size
  
  2.1MB
- MD5
  
  0083bb621656471496f60d1973318730
- SHA1
  
  2d0209b0f14a8279efd85589dfb33b9b31fab77e
- SHA256
  
  dba8e948206d56025bdbf1471cf7a2defc33fbc2bbde0c5634361d661d67ab93
- SHA512
  
  178833c13dee9466e2c8123280fb203c07b13831b1711d4687ce8495c28f1160c7a893c9a5d6a6874d6f44c1c21e5fb571221824248f13f9bfc3f08f61f3d28e
- SSDEEP
  
  49152:PhxkP/I9K3pr4ZCOz5xLmKot5C7UzaxVlHAlImt4+O5XK2v0uV+g:AoQ3V4IGxLmKK4PA6E1GXzM4
Score

10^/10

revengerat discovery stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SimpleSC.dll
- Size
  
  59KB
- MD5
  
  52aaf305fba84b5107c453424df1864e
- SHA1
  
  9887f4bd7458e1a7724b90256c073492843841a7
- SHA256
  
  f41f1173b9d367bb6a085ff0b19d1273fc0b7dad32fedbb69b07240cfc9950c8
- SHA512
  
  9a05e7a2f62956bc46d2257496256606f40e7e78ca6199a80f5945f609e4c049a92c03d7b44d301a854a0bce32ff100ff6aa2b66d4fed649c2d90de95875dced
- SSDEEP
  
  1536:E/qXv1si+Xsp9MNfPTM+Ov01p4f4fx+QxA:rv1EXZBPkvX4x+Qx
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ETConnectServer.exe
- Size
  
  99KB
- MD5
  
  4986a56019bc459b3ab0c76d4cc12261
- SHA1
  
  48f308ec91d6d07e71a859d72c344ffaf232be92
- SHA256
  
  7417554d18b5a59936d83e96c7f83d3d030fa1ed0f70faa36099ba1bc309588a
- SHA512
  
  6aebf45b020b68c10d802cfebc8088a7194af4733c5f8c98c90eb16cfe3ca47764e50b0a565bf41033f3893b048dc339148c309057cc2698f3ced71a26d35804
- SSDEEP
  
  1536:Np5Og9Kvy7XTOES3l0Zf1GqeIyl+ZaEy6+ThWqPN2aU5Og9Kvy7XTohf:LD2Eol0x1GqeIyl+ZaEy6+TVN2aUD+
Score

1^/10
behavioral5 behavioral6
- Target
  
  ETConnectService.exe
- Size
  
  49KB
- MD5
  
  ba106429ad90a831e33c3f5446c59162
- SHA1
  
  837c576971ec4f6bdfbefe80437370f1a10100a0
- SHA256
  
  49734852249278a7c2fc2e39a6e1a501f1606b9e7696c281ff4e4a5c15df1ed5
- SHA512
  
  1e823216918d9e583d7046a111f3b3828f65e193254263cac29ed320b119150ad9492f134c6233e03b19ca7a2e2a4aeda4f45c01b4ac114cafff4f9361f68d46
- SSDEEP
  
  768:2GPf1UdTmXByeJ+Og9LZUpZy7XThzYcCe1xhY/:ZPcSBy5Og9Kvy7XTLLhc
Score

1^/10
behavioral7 behavioral8
- Target
  
  bin/MSLogonACL.exe
- Size
  
  83KB
- MD5
  
  ec2273c02252baed0f71becc88db9ccd
- SHA1
  
  bb1efb690141c4a031fe122099248648ef6e93ec
- SHA256
  
  0b0c842031008e9b15ad84e92ba28e349c279204f524915464c1876c8a48ebf9
- SHA512
  
  6f75455045da9f3893558aedb83f774c678bd4a371f94da71215cbec352c2da5c40b96c9a1cf9d9b5e245a8646a885a6db36202d58016190559182eee7300a50
- SSDEEP
  
  1536:rTKjM0y2+gDqlYEOXoqRif7dbnsPHtf8rfCjQNkxHi/emjmbOwD8I:rTF3KyYEsoqRy5bs/dCNjubOwDP
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  bin/MSRC4Plugin.dsm
- Size
  
  229KB
- MD5
  
  663ca806ee9bcbce34b463eb76c380dc
- SHA1
  
  1a238e3083eccf7da8fcd74227f3b9ca09d10c4c
- SHA256
  
  e6d301f2c071568321a9bad52d8819bf551fb75f56f97dbb65fba5596750a51a
- SHA512
  
  3ef110a81041184838a510fb8d291bc4ddcef9be3bdbbbc406278f9b7553dc03c9725661ae5d8b9984ba5ecf4e58156780f24c0632131cd431ee0459b3c35cf2
- SSDEEP
  
  3072:xvm22yJ6yzPJiDjT8CZAgHQV5AVCXYE8RQS1:hmfYsjT2JPEt
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  bin/SCHook.dll
- Size
  
  59KB
- MD5
  
  fe352e084f4c4fadf4cd6ec1add791fb
- SHA1
  
  7d7b1a43d1f8f58a68659113b83cf658b240599f
- SHA256
  
  1a00e2117391d83ac5d37c72e4c6d3caeed77b91611623b956d2b62c6ff46c31
- SHA512
  
  53acf68ff8182c1e109fc321b50f6aadca3a019f3265720537b917b6602e9c9ede9c4ed8dfb2e99981ada739ddcf78b2e4e613c08d72e36e65ce6d7c245c67ea
- SSDEEP
  
  768:VHzXE3fJlQoLBfWUfyo0/n7x66c2xBKWDHewzZqsFRXGPTiMLW+:VTEBlEA0/7HcqiM3RWP+MP
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  bin/SecureVNCPlugin.dsm
- Size
  
  402KB
- MD5
  
  0ae843b74a5dc44be913b932f22671fa
- SHA1
  
  c97e224f7090b6469ad0f77ce1ab8e7f55fe3bad
- SHA256
  
  a153a91117ee949c5a23753f4be94c20a2d2ae28040ec1f09842930c5cf15f11
- SHA512
  
  db588d08c4f491e0bab9830bd344b292a54e075485aa9f0529c3ffd8e9a1c9aaa9fdbc5b32a775ee3133d2ad3c3db5e9344717459eadbb234e5a5ef8103d3007
- SSDEEP
  
  6144:WsVVVpVsJF5fEeuBkrfpNBpx51fzgOTdnXYRAqN0ffaIIII48B/392m+iixM:WsVrpo5VrfpNHxX2RdmfCAk
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  bin/authSSP.dll
- Size
  
  183KB
- MD5
  
  e8788373ec77442cc0989bafc1552f62
- SHA1
  
  d4fae38db1a4c2d12f6827aeac8eb42ad7124314
- SHA256
  
  ed6992e4807802c2ca81b890200d4ebe05c5b5393c1ddc54aa12bbf0daa59866
- SHA512
  
  9eccdf96461bb203ad7bc87aa5f8ef703d6a5c84f8b5538b85cc90ba34036efe06bbefd678e240c0416b31f52fc17ba348523102031a145cebf283b2f715a256
- SSDEEP
  
  3072:jLf6QYbqt7yJ2Nq21+w3xHL2BbMWctZMWdtgi4ANqxO1UI/btuIbOoAb:3yQJ7O2NowBcbad2ANqS/btlyt
Score

5^/10

discovery
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  bin/authadmin.dll
- Size
  
  97KB
- MD5
  
  053ff308f9a5c436695e69258de3b3a6
- SHA1
  
  190f5deb725bfea3f19bf1950a961faa875f571f
- SHA256
  
  b50200a5c06ab0c41a74c81a03296ab249417ccbf1347bf577c45d3a24dea03b
- SHA512
  
  65fd03b5fbba3ebe19b7a26756de69c0ff281caf5533d1a142ef7fc3acb65a77d423d3c671708a22826549fd8147adc5b775d65c9729c00dfb010fad1b057a70
- SSDEEP
  
  1536:5G7Q/cD72Djpj43H0EEuq8J0BsXUdkLX8XTWXPnSvtGnACn/zpO:5G7Qw72Jckk0BsXw42T+S1SACn/zQ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  bin/ldapauth.dll
- Size
  
  153KB
- MD5
  
  0c55d314907fb9e95bf22135176b269a
- SHA1
  
  bc56f010a167935baf052859587b68a5f15bc396
- SHA256
  
  5ae61bc9133e10c44540bdf76067cbfed5a75d2e57ec8bfbf02fbf5e51890c44
- SHA512
  
  1b527129e4c64857bc681c69f7a8dfc7b96de5dc90e8764c16d7c019d76d1786d29670fcf6573f606960e97b49dd616ac9c3300ff643cf5cd80366770dcd08fb
- SSDEEP
  
  3072:G+xCpkY/8vO5NZ4nTiS0XByp82jfDPcJo05d0aLoNYfKUHrLuectF/:G+xkkY/8vC4nmS0O8aOLhLyY7qF/
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  bin/logging.dll
- Size
  
  137KB
- MD5
  
  1d3f844e9d9168588a00c3fd8c08d323
- SHA1
  
  e0a5441a5eb0a92e7875539668aebf67b2a9dbf6
- SHA256
  
  a5183ef9091fcced1610851e2120be6e75a10d90321ee75e0d002a8354c25623
- SHA512
  
  0914d18ac40ea4f42816e95016354983d6b82be4b0a63a31f123007e2fb0b5c5ce787bf8dc0f417d21961751b79baa4674c2491b4ff1953e82a0482f5e96744b
- SSDEEP
  
  3072:4wWiWQT6cmK+2Q/H/pSl2p9sUT4ws+Kso++FT/M1Hz1Gc4Zgt:6NQUHwsp9tTTsOyDezUXZgt
Score

5^/10

discovery
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  bin/logmessages.dll
- Size
  
  7KB
- MD5
  
  e7dc5e97d1821742ed33a8abdfc8f24e
- SHA1
  
  1b7a6ddb07116978bb38c2dfa4b2ecbcf904b2c1
- SHA256
  
  dbf1e349d69f2e2ca6adfbc0ce2f8bb863b93fb8e07c1b4f7607901eb06ebe00
- SHA512
  
  828633cec90be63d34d8c73e09efbb6068d0e97fe0ba57cd3d4495157b1099a14c7e438eec19d3d158fcea5d7ebf7dd0ea9d2bf46d61e028917f2fd73c068094
- SSDEEP
  
  96:7zpiPoHQjzQMLy+OyoBliWNUuQCnJSNNDeu7Ut+RBlEVJT2iC+Z6PLRfzg5HHlRg:7zpyowJL/eUAJo9euGJqitMNfzg5nHng
Score

1^/10
behavioral25 behavioral26
- Target
  
  bin/uvnc_settings.exe
- Size
  
  314KB
- MD5
  
  b37c19f8d76f58b8ebcb445e594f4d9a
- SHA1
  
  51b5a2217e91c8c55e5b77a769f38ea4a846a87b
- SHA256
  
  b8be90b283498091e0b9ab8e7d90616306d7d9dd2514630b2fb2b4f391886d9b
- SHA512
  
  bc646beea9c7179cd974a7f5427face625c84c353a3f2b98041184543210ae4f4d23f92be505a327bc1f7788dce43329604432b9aac65416f88f3cd6565ec62c
- SSDEEP
  
  6144:RWB2T5zB+zMAwEiF8OQm447OZe5Zc7Iksx9CHP++py:RWB294peQmeZejc7vC
Score

1^/10
behavioral27 behavioral28
- Target
  
  bin/vnchooks.dll
- Size
  
  52KB
- MD5
  
  c4fcb8eeaa36b1b6905be9064e6f0281
- SHA1
  
  6e82781f85841ccdb442948d2ff8665522a1bf2f
- SHA256
  
  b18b169de3c58f154283c85e5fbd8d8927ee26020331496e664e838888fd3c64
- SHA512
  
  723626c7e65d031ff163081fcf2a2c0f5ca481c0827e7f37b1080acc69a9a641b78d80b74070209c55010cf563e300004121abcd176cb24634afde2c7dc95935
- SSDEEP
  
  768:0FbBSV5TEfC4PErskJe2hvBYb0gJkkVsEDF8nM0NBe8bm7sMD3gWLWi:0jFfCa9kBvwJkJzB7SsMD3gW/
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  bin/vncviewer.exe
- Size
  
  1.1MB
- MD5
  
  2d2492a41b9b20a5ec7e49cd06cb3dcf
- SHA1
  
  b5ec3a4f8afbc24bf56ec94d50f21dd51a33db54
- SHA256
  
  43a84ce7d64d0f3807d82944fb9ed34be0176c38739f140a680afe0a150b38c3
- SHA512
  
  bddc86bc57e47af5fc108b5b3e12153d2db2d4fddd78a993b02e3bf6674bb649ef894c5df564b2fca696f0c0d68d532bde06f345d26698e62500d16cfcba6f8f
- SSDEEP
  
  24576:cSoqDcDb6VMIxTgl5J+Tv4xFjyJ3smj3M5lczu:cSoqDc7IxTkJ+Tvahmj3M5l3
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratdiscoverystealertrojan

behavioral2

revengeratdiscoverystealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32