revengerat | de375f2a5c69d8c6e40eb858922dc7f13039b636f758266daaea405bc110b390 | Triage

Sharing

General

Target

d67e1006fb10427de5fe9d8bf8f7df3e_JaffaCakes118
Size

592KB
Sample

241208-l43dpszpg1
MD5

d67e1006fb10427de5fe9d8bf8f7df3e
SHA1

9c210054b070507d2fce2de6f4a853cf05004301
SHA256

de375f2a5c69d8c6e40eb858922dc7f13039b636f758266daaea405bc110b390
SHA512

1105e9869813694233957181f24d6ea1a38b27256f56f8271e7a74430e56d9390b6d1b7dd949a1be54a68f109b3646a684b11fcac60bdf3f54c1c633ac41134c
SSDEEP

12288:g7f5EvvxWEVj1Nsw+seJF3upKzp93OOak4wcrsPgcVZMa2aRTiuar:g1ExWujHsw+seJF3upOphOfVrIIcrUr

Score

10^/10

revengerat discovery evasion stealer

Malware Config

Targets

- Target
  
  d67e1006fb10427de5fe9d8bf8f7df3e_JaffaCakes118
- Size
  
  592KB
- MD5
  
  d67e1006fb10427de5fe9d8bf8f7df3e
- SHA1
  
  9c210054b070507d2fce2de6f4a853cf05004301
- SHA256
  
  de375f2a5c69d8c6e40eb858922dc7f13039b636f758266daaea405bc110b390
- SHA512
  
  1105e9869813694233957181f24d6ea1a38b27256f56f8271e7a74430e56d9390b6d1b7dd949a1be54a68f109b3646a684b11fcac60bdf3f54c1c633ac41134c
- SSDEEP
  
  12288:g7f5EvvxWEVj1Nsw+seJF3upKzp93OOak4wcrsPgcVZMa2aRTiuar:g1ExWujHsw+seJF3upOphOfVrIIcrUr
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

discoveryevasion

behavioral2

discoveryevasion