revengerat

Resubmissions

13-01-2025 20:29

250113-y9mawswray 10

13-01-2025 20:26

250113-y76azsyqcn 10

Sharing

Copy URL

Twitter E-mail

General

Target

https://gofile.io/d/nEXvhI
Sample

250113-y76azsyqcn

Score

10^/10

Malware Config

Extracted

Family

revengerat

Botnet

Guest

0.tcp.ngrok.io:19521

Mutex

RV_MUTEX

Targets

- Target
  
  https://gofile.io/d/nEXvhI
Score

10^/10

revengerat guest discovery stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Revengerat family

RevengeRat Executable

Downloads MZ/PE file

Drops startup file

Executes dropped EXE

Uses the VBS compiler for execution

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1