revengerat | 8001ed950d4df55d2803dcdeafbc5a71161d497d640d621151e4fa60b9055c00 | Triage

Sharing

General

Target

JaffaCakes118_cc13cac99e845ccbff50753d95d10b17
Size

212KB
Sample

250109-s7e6xatlgv
MD5

cc13cac99e845ccbff50753d95d10b17
SHA1

94382f56cd83accafea65aec26d8b251820075d1
SHA256

8001ed950d4df55d2803dcdeafbc5a71161d497d640d621151e4fa60b9055c00
SHA512

4c997f50e721916fc5ecd39a0016209be0ff33984922c78a87168e8281c1cf0244af0441bd60549bfdc0a070af2b78fd22d82224c3e166e906de9c4bb4e0c209
SSDEEP

3072:9N0hZ0+C4S1Cr4RenEdLdzxj17pDzIpev0l6XQYb3VY0+2vLA3hzUjDdqj4xS/tK:oE+SVa2vsEDdQR/tG0UY16mj7zCz1+8

Score

10^/10

revengerat guest discovery stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

lnff6ishire.duckdns.org:7711

Mutex

RV_MUTEX

Targets

- Target
  
  JaffaCakes118_cc13cac99e845ccbff50753d95d10b17
- Size
  
  212KB
- MD5
  
  cc13cac99e845ccbff50753d95d10b17
- SHA1
  
  94382f56cd83accafea65aec26d8b251820075d1
- SHA256
  
  8001ed950d4df55d2803dcdeafbc5a71161d497d640d621151e4fa60b9055c00
- SHA512
  
  4c997f50e721916fc5ecd39a0016209be0ff33984922c78a87168e8281c1cf0244af0441bd60549bfdc0a070af2b78fd22d82224c3e166e906de9c4bb4e0c209
- SSDEEP
  
  3072:9N0hZ0+C4S1Cr4RenEdLdzxj17pDzIpev0l6XQYb3VY0+2vLA3hzUjDdqj4xS/tK:oE+SVa2vsEDdQR/tG0UY16mj7zCz1+8
Score

10^/10

revengerat guest discovery stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Drops file in Drivers directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratguestdiscoverystealertrojan

behavioral2

revengeratguestdiscoverystealertrojan