revengerat | 88a0c5df4f8874254aedfe226c8e01756ac1ffc4d6e40360f70e42fc8fbe2b27 | Triage

Sharing

General

Target

AndroidEmulator.exe
Size

180KB
Sample

241209-3lvdtavrfy
MD5

9e55624e81cc5bf9f40792a97c5e3c9b
SHA1

35379afa47748f022e4f23d5a499ea01e251a88b
SHA256

88a0c5df4f8874254aedfe226c8e01756ac1ffc4d6e40360f70e42fc8fbe2b27
SHA512

bac780817e166dc8203f35bd34da289b583b1cb27c26dbe38c70beb44d669949ab666ed16e6485554a2aed22a987cb5e1c6a3cf7d36d85d952d8a28808190caf
SSDEEP

3072:a3ZN9Ho17ad7R3zWwSHaqXQpZjl9SYtT22wjiAAAAAAARtvNEEEZTEEEEEEEEE1G:a3FH+7A7R3zWPHa5Tjn7R22wOAAAAAAP

Score

10^/10

revengerat guest persistence stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

127.0.0.1:333

127.0.0.1:19472

2.tcp.eu.ngrok.io:333

2.tcp.eu.ngrok.io:19472

Mutex

RV_MUTEX-RawrHJfWfhaRC

Targets

- Target
  
  AndroidEmulator.exe
- Size
  
  180KB
- MD5
  
  9e55624e81cc5bf9f40792a97c5e3c9b
- SHA1
  
  35379afa47748f022e4f23d5a499ea01e251a88b
- SHA256
  
  88a0c5df4f8874254aedfe226c8e01756ac1ffc4d6e40360f70e42fc8fbe2b27
- SHA512
  
  bac780817e166dc8203f35bd34da289b583b1cb27c26dbe38c70beb44d669949ab666ed16e6485554a2aed22a987cb5e1c6a3cf7d36d85d952d8a28808190caf
- SSDEEP
  
  3072:a3ZN9Ho17ad7R3zWwSHaqXQpZjl9SYtT22wjiAAAAAAARtvNEEEZTEEEEEEEEE1G:a3FH+7A7R3zWPHa5Tjn7R22wOAAAAAAP
Score

10^/10

revengerat persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

revengeratpersistencestealertrojan

behavioral2

revengeratpersistencestealertrojan