revengerat | 4862536534ea3f44daaffceb5facaeb873eee8c386e6b13b3ba31f89702a6ce6 | Triage

Sharing

General

Target

JaffaCakes118_a873ed2e9c4122eb074d46c39cd74c05
Size

560KB
Sample

250108-yek5cazqhv
MD5

a873ed2e9c4122eb074d46c39cd74c05
SHA1

8d20bb63aa39f68f9f7df89684bac9d71f0e545a
SHA256

4862536534ea3f44daaffceb5facaeb873eee8c386e6b13b3ba31f89702a6ce6
SHA512

a2993a2fad15ea54ee281788ca8d749373b7bcd6b8dd031f0ce022f9d18cb4ed0fad4461933f14e2668a8a653a9cacb25fe886f86dbd882418d39f9bf051e7f0
SSDEEP

12288:zxfyTJlFpTyMPUIpzX8MZAi58suLUgcEfKWEJRz:zxfyVlFpTyMPUIpzsMZAOuLUYf0J

Score

10^/10

revengerat discovery stealer

Malware Config

Targets

- Target
  
  JaffaCakes118_a873ed2e9c4122eb074d46c39cd74c05
- Size
  
  560KB
- MD5
  
  a873ed2e9c4122eb074d46c39cd74c05
- SHA1
  
  8d20bb63aa39f68f9f7df89684bac9d71f0e545a
- SHA256
  
  4862536534ea3f44daaffceb5facaeb873eee8c386e6b13b3ba31f89702a6ce6
- SHA512
  
  a2993a2fad15ea54ee281788ca8d749373b7bcd6b8dd031f0ce022f9d18cb4ed0fad4461933f14e2668a8a653a9cacb25fe886f86dbd882418d39f9bf051e7f0
- SSDEEP
  
  12288:zxfyTJlFpTyMPUIpzX8MZAi58suLUgcEfKWEJRz:zxfyVlFpTyMPUIpzsMZAOuLUYf0J
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerrevengerat

behavioral1

behavioral2