revengerat | a30741fcc6c8493d9dc2f111219c56e656320983a8e6260084885c6acb4d6f36 | Triage

Sharing

General

Target

JaffaCakes118_632c6d7f9755f7f9acbe496b837772af
Size

471KB
Sample

250102-g2vhvszngq
MD5

632c6d7f9755f7f9acbe496b837772af
SHA1

16d7744f47c08211fb9c6f85260b88aa2eeb9b5b
SHA256

a30741fcc6c8493d9dc2f111219c56e656320983a8e6260084885c6acb4d6f36
SHA512

f9e8845aa11a7e6de27a8937cf8eeda00919ed36704c14867e7a12f35b85b756704b34ef3aac2d1eb9549d399916cfbe026096e364d17db6d415ce6e6d157c9e
SSDEEP

12288:331TIGB1wdj3t+7MgEo25RQu0x7Wt1tR5WGjs8:3FpHwxrg0RCxewms8

Score

10^/10

revengerat discovery evasion stealer

Malware Config

Targets

- Target
  
  JaffaCakes118_632c6d7f9755f7f9acbe496b837772af
- Size
  
  471KB
- MD5
  
  632c6d7f9755f7f9acbe496b837772af
- SHA1
  
  16d7744f47c08211fb9c6f85260b88aa2eeb9b5b
- SHA256
  
  a30741fcc6c8493d9dc2f111219c56e656320983a8e6260084885c6acb4d6f36
- SHA512
  
  f9e8845aa11a7e6de27a8937cf8eeda00919ed36704c14867e7a12f35b85b756704b34ef3aac2d1eb9549d399916cfbe026096e364d17db6d415ce6e6d157c9e
- SSDEEP
  
  12288:331TIGB1wdj3t+7MgEo25RQu0x7Wt1tR5WGjs8:3FpHwxrg0RCxewms8
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

discoveryevasion

behavioral2

discoveryevasion