revengerat | f4f5ec10baed6ad8a7f824f2a2506a8338db4b7e71815b2f6bf466645dac7245 | Triage

Sharing

General

Target

JaffaCakes118_f4f5ec10baed6ad8a7f824f2a2506a8338db4b7e71815b2f6bf466645dac7245
Size

77KB
Sample

241221-zy23mszlay
MD5

4e69333b05d347f5383146cb52f2069d
SHA1

b20c2dfec1d341e33caab1826ee49cedb2029db6
SHA256

f4f5ec10baed6ad8a7f824f2a2506a8338db4b7e71815b2f6bf466645dac7245
SHA512

be303a7bcdf7ab9954e025dac326c518c3ac27e5449122fa0e8f729c6c46dc35e993481decbdbc7375f5067dc4ceee4848d576a431fe4056176d7867c9af0a8d
SSDEEP

1536:1Jgz0H2SkJmJere42kaI+NiQtRCDKZX9n3jLNYPu:Hgc7

Score

10^/10

revengerat client discovery execution trojan

Malware Config

Extracted

Family

revengerat

Botnet

Client

C2

kimjoy.ddns.net:2021

Mutex

YX0NUIJIFJ582LY

Targets

- Target
  
  JaffaCakes118_f4f5ec10baed6ad8a7f824f2a2506a8338db4b7e71815b2f6bf466645dac7245
- Size
  
  77KB
- MD5
  
  4e69333b05d347f5383146cb52f2069d
- SHA1
  
  b20c2dfec1d341e33caab1826ee49cedb2029db6
- SHA256
  
  f4f5ec10baed6ad8a7f824f2a2506a8338db4b7e71815b2f6bf466645dac7245
- SHA512
  
  be303a7bcdf7ab9954e025dac326c518c3ac27e5449122fa0e8f729c6c46dc35e993481decbdbc7375f5067dc4ceee4848d576a431fe4056176d7867c9af0a8d
- SSDEEP
  
  1536:1Jgz0H2SkJmJere42kaI+NiQtRCDKZX9n3jLNYPu:Hgc7
Score

10^/10

execution revengerat client discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

revengeratclientdiscoveryexecutiontrojan