revengerat | 5792e1610df899d8fb7564e6fdf5cc5b8cf13162bd17c88b3351009c738d6924 | Triage

Sharing

General

Target

JaffaCakes118_5792e1610df899d8fb7564e6fdf5cc5b8cf13162bd17c88b3351009c738d6924
Size

20KB
Sample

241230-3syd2svken
MD5

c9bc80980cd6b0deaf7d24a0d6c479a8
SHA1

7cd003e70561acd1d7792fec9a76ed44d2ffd3e6
SHA256

5792e1610df899d8fb7564e6fdf5cc5b8cf13162bd17c88b3351009c738d6924
SHA512

7fcd2a7c1a62ddcca3e0e7c05fcfb715009e404d822f3da03c732b6b432cb4c5e5c3248e81259f1eadebbf080dd07c20d9e2add47e0ee2e1d7b42fcbcdaa0484
SSDEEP

192:u10ntu2f2k5pKTkyp6aeFknKNM8YB2YhvnklZBldmMs4kblmf+jF9nsa3V5p9EyG:u1N2f2kSb2ivk1lls4almMscDp6ytXY

Score

10^/10

revengerat client discovery stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Client

C2

127.0.0.1:333

127.0.0.1:37337

Mutex

RV_MUTEX

Targets

- Target
  
  JaffaCakes118_5792e1610df899d8fb7564e6fdf5cc5b8cf13162bd17c88b3351009c738d6924
- Size
  
  20KB
- MD5
  
  c9bc80980cd6b0deaf7d24a0d6c479a8
- SHA1
  
  7cd003e70561acd1d7792fec9a76ed44d2ffd3e6
- SHA256
  
  5792e1610df899d8fb7564e6fdf5cc5b8cf13162bd17c88b3351009c738d6924
- SHA512
  
  7fcd2a7c1a62ddcca3e0e7c05fcfb715009e404d822f3da03c732b6b432cb4c5e5c3248e81259f1eadebbf080dd07c20d9e2add47e0ee2e1d7b42fcbcdaa0484
- SSDEEP
  
  192:u10ntu2f2k5pKTkyp6aeFknKNM8YB2YhvnklZBldmMs4kblmf+jF9nsa3V5p9EyG:u1N2f2kSb2ivk1lls4almMscDp6ytXY
Score

10^/10

revengerat client discovery stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerclientrevengerat

behavioral1

revengeratclientdiscoverystealertrojan

behavioral2

revengeratclientdiscoverystealertrojan