revengerat | db1bed0fcb8b96baabc8163efc6c3f32726f8840ca135a741a35c7abd6c04018 | Triage

Submit
Reports

Overview

overview

Static

static

3

db1bed0fcb...18.exe

windows7-x64

db1bed0fcb...18.exe

windows10-2004-x64

Sharing

General

Target

db1bed0fcb8b96baabc8163efc6c3f32726f8840ca135a741a35c7abd6c04018.exe
Size

1.7MB
Sample

241210-jdhv9stnfk
MD5

570388d87360d6bd982993aedaddbac0
SHA1

883499305bb02ac67ab22688ce1f6c6fb2c13bdb
SHA256

db1bed0fcb8b96baabc8163efc6c3f32726f8840ca135a741a35c7abd6c04018
SHA512

0f5afd85cd6cfb3958cf5fc1aeaba2872eb1218bb5da86a93ff2148b3a5eaf2b69c38786841106b6bd72e215309ecaab2a61a0d864f0703691fc1499d469d054
SSDEEP

49152:vcGL0yvl07QwY4AYgH1DsAyhYtzo/V/8I56KHygdmQPgQvz2/:vcGTvDwYvHOdozm8I5nygdnJb2/

Score

10^/10

revengerat guest discovery persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

db1bed0fcb8b96baabc8163efc6c3f32726f8840ca135a741a35c7abd6c04018.exe

Resource

win7-20241023-en

revengerat guest discovery persistence stealer trojan

windows7-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

db1bed0fcb8b96baabc8163efc6c3f32726f8840ca135a741a35c7abd6c04018.exe

Resource

win10v2004-20241007-en

revengerat guest discovery persistence stealer trojan

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

127.0.0.1:333

Mutex

RV_MUTEX-vZblRvZwfRtNH

Targets

- Target
  
  db1bed0fcb8b96baabc8163efc6c3f32726f8840ca135a741a35c7abd6c04018.exe
- Size
  
  1.7MB
- MD5
  
  570388d87360d6bd982993aedaddbac0
- SHA1
  
  883499305bb02ac67ab22688ce1f6c6fb2c13bdb
- SHA256
  
  db1bed0fcb8b96baabc8163efc6c3f32726f8840ca135a741a35c7abd6c04018
- SHA512
  
  0f5afd85cd6cfb3958cf5fc1aeaba2872eb1218bb5da86a93ff2148b3a5eaf2b69c38786841106b6bd72e215309ecaab2a61a0d864f0703691fc1499d469d054
- SSDEEP
  
  49152:vcGL0yvl07QwY4AYgH1DsAyhYtzo/V/8I56KHygdmQPgQvz2/:vcGTvDwYvHOdozm8I5nygdnJb2/
Score

10^/10

revengerat guest discovery persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratguestdiscoverypersistencestealertrojan

behavioral2

revengeratguestdiscoverypersistencestealertrojan

© 2018-2025

Terms | Privacy