revengerat | 2909c8b92462475f5ae4c31fd0d00160ffda8bbcbbea6c1b5cae80aecff0f896 | Triage

Submit
Reports

Overview

overview

Static

static

2909c8b924...6N.exe

windows7-x64

2909c8b924...6N.exe

windows10-2004-x64

Sharing

General

Target

2909c8b92462475f5ae4c31fd0d00160ffda8bbcbbea6c1b5cae80aecff0f896N.exe
Size

1.9MB
Sample

250107-hljbbsyqgs
MD5

335457b24d4fb19bfd9a711f5b3deaf0
SHA1

2c9f74a030a77c6b2fc552ab1fd0ef48a54eca68
SHA256

2909c8b92462475f5ae4c31fd0d00160ffda8bbcbbea6c1b5cae80aecff0f896
SHA512

a603b6e5efb0ba3db23f01cbafd73fe6e533d9187c9c24aefffbbee42d4073a85278e33a312ea2da720e40c9de4c17cd8cef87fe39bfb8ab577c278abb909842
SSDEEP

49152:E91DSeK3K1ovWnZ5Yw9NMZ6Pkew933XyrCCC0:MNSeb1n5YEi0Pm93y

Score

10^/10

revengerat discovery persistence stealer trojan

Static task

static1

stealer revengerat

3 signatures

Behavioral task

behavioral1

Sample

2909c8b92462475f5ae4c31fd0d00160ffda8bbcbbea6c1b5cae80aecff0f896N.exe

Resource

win7-20240903-en

revengerat discovery persistence stealer trojan

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

2909c8b92462475f5ae4c31fd0d00160ffda8bbcbbea6c1b5cae80aecff0f896N.exe

Resource

win10v2004-20241007-en

revengerat discovery stealer trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  2909c8b92462475f5ae4c31fd0d00160ffda8bbcbbea6c1b5cae80aecff0f896N.exe
- Size
  
  1.9MB
- MD5
  
  335457b24d4fb19bfd9a711f5b3deaf0
- SHA1
  
  2c9f74a030a77c6b2fc552ab1fd0ef48a54eca68
- SHA256
  
  2909c8b92462475f5ae4c31fd0d00160ffda8bbcbbea6c1b5cae80aecff0f896
- SHA512
  
  a603b6e5efb0ba3db23f01cbafd73fe6e533d9187c9c24aefffbbee42d4073a85278e33a312ea2da720e40c9de4c17cd8cef87fe39bfb8ab577c278abb909842
- SSDEEP
  
  49152:E91DSeK3K1ovWnZ5Yw9NMZ6Pkew933XyrCCC0:MNSeb1n5YEi0Pm93y
Score

10^/10

revengerat discovery persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Event Triggered Execution

Image File Execution Options Injection

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Event Triggered Execution

Image File Execution Options Injection

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

revengeratdiscoverypersistencestealertrojan

behavioral2

revengeratdiscoverystealertrojan

© 2018-2025

Terms | Privacy