revengerat | 607c83c609fbe308f30c0cbd197c8fc8c33ef4c85a21794463091a962609fd4b | Triage

Sharing

General

Target

JaffaCakes118_04fd5497a83ad255eb92eda4d75b9d3c
Size

62KB
Sample

250106-a9bbmasrgj
MD5

04fd5497a83ad255eb92eda4d75b9d3c
SHA1

9749bcf4d4721446c7c7a594d1d41c5e0aa3c358
SHA256

607c83c609fbe308f30c0cbd197c8fc8c33ef4c85a21794463091a962609fd4b
SHA512

eec5fea358b8c4e42d0d4e146e2766a924c8cf1e073ac812dabc7c9678a06ea65cc8db2c16783f336b7b7e2a9e84fbcaa60c552fa51761c1736940490174905b
SSDEEP

768:CksHaoteIdMSc9P0OYka5q1qzPzazg2f7arEBXUt/2Te:zJo/c9MHkaHbza82f2IBXUx

Score

10^/10

revengerat discovery persistence stealer trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_04fd5497a83ad255eb92eda4d75b9d3c
- Size
  
  62KB
- MD5
  
  04fd5497a83ad255eb92eda4d75b9d3c
- SHA1
  
  9749bcf4d4721446c7c7a594d1d41c5e0aa3c358
- SHA256
  
  607c83c609fbe308f30c0cbd197c8fc8c33ef4c85a21794463091a962609fd4b
- SHA512
  
  eec5fea358b8c4e42d0d4e146e2766a924c8cf1e073ac812dabc7c9678a06ea65cc8db2c16783f336b7b7e2a9e84fbcaa60c552fa51761c1736940490174905b
- SSDEEP
  
  768:CksHaoteIdMSc9P0OYka5q1qzPzazg2f7arEBXUt/2Te:zJo/c9MHkaHbza82f2IBXUx
Score

10^/10

revengerat discovery persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratdiscoverypersistencestealertrojan

behavioral2

revengeratdiscoverystealertrojan