revengerat | b39d78411da6390a7df0f37b908dbb1b9089abd558b9e06ee852a11fc77d7251

Analysis

max time kernel
564s
max time network
566s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250218-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250218-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
12/03/2025, 20:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Revenge-RAT v0.3.7z
Size

8.7MB
MD5

3864072888fd4bc4f3c67333ecde70c7
SHA1

7982d4baabbea5f4fee4fefc2632d5535f433b35
SHA256

b39d78411da6390a7df0f37b908dbb1b9089abd558b9e06ee852a11fc77d7251
SHA512

89f13697f43680bce715ee98c98f84a56f2c2707c77a0e7a59804c46cb89a091ce213e6c98f7c264539f4634079898dbb91030e31a704f2f48161f355ef35f80
SSDEEP

196608:8hwcP7zWP5126X1CfXWcyeWWJmGr0N08mQABgYQi+maA:DcPns281CucZRmGr0NvmbD6mB

Score

10^/10

revengerat guest discovery stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

127.0.0.1:4782

Mutex

RV_MUTEX

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Revengerat family
revengerat

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
behavioral2/files/0x0007000000027fba-243.dat	revengerat

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000\Control Panel\International\Geo\Nation	Revenge-RAT v0.3.exe

Executes dropped EXE 4 IoCs

pid	Process
4456	Revenge-RAT v0.3.exe
2408	Client.exe
1612	Client.exe
532	Revenge-RAT v0.3.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ilasm.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Client.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	Client.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Client.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	Client.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Client.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	Client.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Client.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	Client.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "67"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Revenge-RAT v0.3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\0\MRUListEx = ffffffff	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0 = 6c003100000000006c5ac1a41000524556454e477e312e330000520009000400efbe6c5aaba46c5ac1a42e000000217f0200000007000000000000000000000000000000fd7db40052006500760065006e00670065002d005200410054002000760030002e00330000001a000000	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 19002f433a5c000000000000000000000000000000000000000000	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\MRUListEx = 00000000ffffffff	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0	Revenge-RAT v0.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\0\NodeSlot = "4"	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = 00000000ffffffff	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\MRUListEx = 00000000ffffffff	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\NodeSlot = "3"	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Revenge-RAT v0.3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\MRUListEx = ffffffff	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Revenge-RAT v0.3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Revenge-RAT v0.3.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Revenge-RAT v0.3.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
8	explorer.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3836	7zFM.exe
4456	Revenge-RAT v0.3.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeRestorePrivilege	3836	7zFM.exe
Token: 35	3836	7zFM.exe
Token: SeSecurityPrivilege	3836	7zFM.exe
Token: SeDebugPrivilege	2408	Client.exe
Token: SeDebugPrivilege	2808	Taskmgr.exe
Token: SeSystemProfilePrivilege	2808	Taskmgr.exe
Token: SeCreateGlobalPrivilege	2808	Taskmgr.exe
Token: 33	2808	Taskmgr.exe
Token: SeIncBasePriorityPrivilege	2808	Taskmgr.exe
Token: 33	1176	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1176	AUDIODG.EXE
Token: SeDebugPrivilege	1612	Client.exe
Token: 33	4456	Revenge-RAT v0.3.exe
Token: SeIncBasePriorityPrivilege	4456	Revenge-RAT v0.3.exe
Token: SeShutdownPrivilege	3680	shutdown.exe
Token: SeRemoteShutdownPrivilege	3680	shutdown.exe
Token: SeDebugPrivilege	4456	Revenge-RAT v0.3.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
3836	7zFM.exe
3836	7zFM.exe
4456	Revenge-RAT v0.3.exe
4456	Revenge-RAT v0.3.exe
4456	Revenge-RAT v0.3.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
4456	Revenge-RAT v0.3.exe
532	Revenge-RAT v0.3.exe
532	Revenge-RAT v0.3.exe
1612	Client.exe
1612	Client.exe
1612	Client.exe
4456	Revenge-RAT v0.3.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4456	Revenge-RAT v0.3.exe
4456	Revenge-RAT v0.3.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
2808	Taskmgr.exe
532	Revenge-RAT v0.3.exe
532	Revenge-RAT v0.3.exe
1612	Client.exe
1612	Client.exe
1612	Client.exe
4456	Revenge-RAT v0.3.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4456	Revenge-RAT v0.3.exe
8	explorer.exe
8	explorer.exe
4456	Revenge-RAT v0.3.exe
1008	LogonUI.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 1644	4456	Revenge-RAT v0.3.exe	97
PID 4456 wrote to memory of 1644	4456	Revenge-RAT v0.3.exe	97
PID 4456 wrote to memory of 1644	4456	Revenge-RAT v0.3.exe	97
PID 4456 wrote to memory of 5116	4456	Revenge-RAT v0.3.exe	99
PID 4456 wrote to memory of 5116	4456	Revenge-RAT v0.3.exe	99
PID 8 wrote to memory of 2408	8	explorer.exe	102
PID 8 wrote to memory of 2408	8	explorer.exe	102
PID 2408 wrote to memory of 2808	2408	Client.exe	104
PID 2408 wrote to memory of 2808	2408	Client.exe	104
PID 2408 wrote to memory of 1612	2408	Client.exe	108
PID 2408 wrote to memory of 1612	2408	Client.exe	108
PID 1612 wrote to memory of 1492	1612	Client.exe	120
PID 1612 wrote to memory of 1492	1612	Client.exe	120
PID 1612 wrote to memory of 3428	1612	Client.exe	122
PID 1612 wrote to memory of 3428	1612	Client.exe	122
PID 1612 wrote to memory of 3680	1612	Client.exe	124
PID 1612 wrote to memory of 3680	1612	Client.exe	124

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Revenge-RAT v0.3.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2960

C:\Users\Admin\Desktop\Revenge-RAT v0.3\Revenge-RAT v0.3.exe
"C:\Users\Admin\Desktop\Revenge-RAT v0.3\Revenge-RAT v0.3.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /QUIET "C:\Users\Admin\AppData\Local\Temp\RV.IL" /output:"C:\Users\Admin\Desktop\Revenge-RAT v0.3\Client.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1644
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select,C:\Users\Admin\Desktop\Revenge-RAT v0.3\Client.exe
  2⤵
  PID:5116

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:8
- C:\Users\Admin\Desktop\Revenge-RAT v0.3\Client.exe
  "C:\Users\Admin\Desktop\Revenge-RAT v0.3\Client.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Windows\System32\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2808
- - C:\Users\Admin\AppData\Roaming\Client.exe
    "C:\Users\Admin\AppData\Roaming\Client.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\temp.EawrHJfW5887.bat" "
      4⤵
      PID:1492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\temp.GRClgZblRvZ368265.bat" "
      4⤵
      PID:3428
  - - C:\Windows\System32\shutdown.exe
      "C:\Windows\System32\shutdown.exe" -s -t 00
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1176

C:\Users\Admin\Desktop\Revenge-RAT v0.3\Revenge-RAT v0.3.exe
"C:\Users\Admin\Desktop\Revenge-RAT v0.3\Revenge-RAT v0.3.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:532

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39f8855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Client.exe.log

Filesize
680B

MD5
9f66406c342a590ed936c4323ee80559

SHA1
6614e99135672751ded6eb86c06473d7baeccfd3

SHA256
33c90022db5a5c090dc8a55d21c99afc25d2daa5d57942d432973c5372221db2

SHA512
ed915b9976815f6ab4b4d5ea14dbcad0c320b2f8be851fd1fe75046b6f33e7261387d4c6b93672b3fdfa850c158f820c744406203ff2b3fbb34f79f86806d4df

Download Submit
C:\Users\Admin\AppData\Local\Temp\RV.IL

Filesize
200KB

MD5
d91f479687529f866684da85e8b54707

SHA1
46eb7ff2238b48aaeedecafe43c88611cb2c82b8

SHA256
9184d36abac445bc93500a83aa4a09a69f6d77c178c4ab77607bce3c09fe64c6

SHA512
882cecbf47b04105c40b5ffcac69453e213b420e5249c135d85ccc269247dc0d2a53a8a0283c8da7389d7c026597ac8941c3aa2e81dfaa9ca8e2478ca77de2d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp.EawrHJfW5887.bat

Filesize
35B

MD5
ad539b3696a6c318860b037719d67f99

SHA1
201a5a35d2973063dd3781343b18475d3ffadafb

SHA256
eef2b507e5c5792d2cb5c904f099b1c71907a187ee44da3605bd0ba237f283a8

SHA512
eaf0997024cdfe5c5bd86ce42ffabe0e33739ac010567ba6282dd78df4c1c0ff1a6995951540d393e597c4c79226a5aa9f68425f3cfe773d810aced17a17834e

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp.GRClgZblRvZ368265.bat

Filesize
45B

MD5
0b19976d33d6f6e70c998ada5441c006

SHA1
f9804293a69be6b58827e723dac1b4b67b6084ed

SHA256
de6fe3299a59339cb70624042644e0ec31523c51a5c4cc6b9866029438f2a40e

SHA512
83c11d22fb0bd31f1ae0fe4a5a4030086b12cfff4c1dff70d801edb9260d74cd8310f925c95e5f2880911f7f61b4f6cc3208a045cde02cbf8c137cf50a50ee11

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\AForge.Video.DirectShow.dll

Filesize
35KB

MD5
2343899ea6b3dff06a6db2f0fbd86406

SHA1
9a578eb8fc1d0b9d12adc6a0fcc39ee822c5fd0c

SHA256
643a7f9754d90d475db3f84af7b254a64dd555ced0f039aaa4f08b5b27ab4fdb

SHA512
0ed7f9d8630dd9e946b9d3c22eaa84bcfbdfc8c8f2dccc877f47a176789ce70118f670ee23d820c6a42a2b4099b9088aaae1da8a957bded12224632440bda5c6

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\AForge.Video.dll

Filesize
16KB

MD5
a614d58e17ba34826b59c4942c32f078

SHA1
c16382c25de65a9ed84b0f87288e473e62ade7da

SHA256
311724ff73b331cd6de0649b01923f7e43d168aa5b1e7f031b2b175148062757

SHA512
dec8564442dbba55f60bc74127c4118347b014ecc776f54c257d0e1e5cd3b80df635003da91cb906671ad3912d44de64548f62dc29ca3dd6de8d73ec1a1cbad9

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Client.exe

Filesize
17KB

MD5
3bdeed8383eb088ec54352e52608e650

SHA1
56fef561f91178f08bbdcfa8da3d87e1bc7f9002

SHA256
9decb8fabcd1154c6f89660f84d60398747019422f091f123bbfc6f8dc854b1d

SHA512
cfb917c428827d722c335980f4cc2ac124df6925482940380cb5796207dcb5a2919728df40f3052ad5d748c4177a33cccf126ad36602b2669d1fa7c5a2fee9b3

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Config.XML

Filesize
827B

MD5
7833a71d62fc020bc61cafbfd0938cf7

SHA1
ed9076a40d76c32ad8167b060dcb01c753e053de

SHA256
570c99a4d9a65cabf7a7b20343191af34e6b82717864d6a5d13fb41fc24f750e

SHA512
a6d8f153d44b1a82c4c58bc84e5e0c0a0f180667c15b10b074d7befa65532f08db5d8b9e0ae74ead70af5dda1e90ec9a3a2d2f4721cbf916e7e0d34d698616d6

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Database\2025-03-12\8-37-33 PM.log

Filesize
98B

MD5
fa17cc991479e7255b02c54eebbfd55f

SHA1
c4746977448cc1ccc57652da0ddfd072156a941b

SHA256
f8e105c207ca5e8dd038d841789db7b3e4511701a2751f96079a1d2876433ac7

SHA512
bb0b7ab1fe04e54fac78d89347a57f45797052bd4f723a601bb85456ccaf5f44fddce597a3b21f321bf93b98e3860b7d2275a8530251e94b7d1402b92e998433

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Database\2025-03-12\8-37-33 PM.log

Filesize
333B

MD5
8d755c3ed6ef07c1d8822f0e16bc05e1

SHA1
14d3bf6ea8de31f7823eb97f0b8797e09353d487

SHA256
23c28ba7621263af02535e5c96fc021883b46ea0c04a4a7ffdbae6d143936c94

SHA512
d4db42ca1de1a3cc18949ccb447421d365645c2282d5c58fffbd4a4672df37c811006e348feaee07a0cf86bf46bbc5f3e8547042e906e779871fe39cc55bde34

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\FastColoredTextBox.dll

Filesize
331KB

MD5
7d315038da4cb77039dc315c64946e22

SHA1
c213bf396157ef97c23a751aebcabfb26f34b7d0

SHA256
777c68c5c47cf91e18583a0fa50b556b1551898a07097f296a0811943a493fa6

SHA512
794a8f00629f083edf3a7c20fb22fc29a13e1c6822bffcc0696918b7b999a53483d867ea6b7ee08352b4ddfc21c75f03a68a6b45ccab8c4b2ccf582383a6b87e

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\GeoIP.dat

Filesize
1021KB

MD5
953c073031a08211d72daeec0551a20d

SHA1
de7441086bf49d7e590172ee07ca9ccc3d690298

SHA256
6615e1e1d8e9ee5ae891dcc43fdd050787f28227369eed50ab3403b171a187f2

SHA512
076de07d270878c4846c0d091a76cec925d57399bdf937791232a5363bee7bdc9f14418530593f1a509fe0df3db0454793635b70feb913413829e1bf2c85b8a3

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\IconLib.dll

Filesize
59KB

MD5
45ecaf5e82da876240f9be946923406c

SHA1
0e79bfe8ecc9b0a22430d1c13c423fbf0ac2a61d

SHA256
087a0c5f789e964a2fbcb781015d3fc9d1757358bc63bb4e0b863b4dffdb6e4f

SHA512
6fd4a25051414b2d70569a82dff5522606bfc34d3eaeea54d2d924bc9c92e479c7fda178208026308a1bf9c90bee9dbcaf8716d85c2ab7f383b43b0734329bc8

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Icons\Onedrive.ico

Filesize
361KB

MD5
257440f1449c4505669d278bf431405c

SHA1
5235870185889ffa48234f1f4af14647634c19ef

SHA256
a3c9e33dafb4c829a57a81ba8a6d94c2da9b343b6f9d6c933a4b5b88bbd96495

SHA512
d99bf41a9017dcef261fc9886887fdeb3d3b6db806d92d8f76c783764caa7f94738b7258750a5fb26cb6069f471d1acfb55dc79db5855a5619e9d864e74761a7

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Plugin Compiler.exe

Filesize
534KB

MD5
fb315d1ae339c9506033026e78500199

SHA1
97dc5017a8a796750567fcd7b5bfb4be2233a5ae

SHA256
2f4fd04bbf02ef75845bfb287e5abc4fb7ae9a81776142b573eadadbf28fbe81

SHA512
895fc9f3c10bcab8c30fd7773820130b7d8d7e2145226052fedbb210b564db39e9078666762836235a8c6c40c49a3bb2b41f49f7753c97c2f09370a0327e154c

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Plugin\CH.dll

Filesize
47KB

MD5
74714e0a1319b0eb3fc927df4c2ceaf5

SHA1
4c5f75dce1fc61765875cab59b7229667223f633

SHA256
10e91c9ea564d040981b0506a2ed7dd406df88c89740dd7616c2f88b5337e29c

SHA512
b08e1b8b3fef63d32a938254e3486f531a3905750ef0b17f74000b15c9653a73eb038a09fb0bf55f7998a5632d28fd5691139142f4839be8c2c3f931c4fbc92e

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Plugin\MC.dll

Filesize
24KB

MD5
6e72b0d89bfe75809d528350f97a0a61

SHA1
b9de36dfcd5e53aed2b01b5e28b6084095d40c82

SHA256
81c1a5afe6e0bd9c5047842f28865dc843554e5dfc88e35807d9fb79076076f7

SHA512
f32244ed6fdeab55de60d64526399655f2281db6bc71ffe155c0fe1bde23289bc08fa7ec1796e1df34e7a3a3309cc56658b9b24275de9ec29bb9f62b63814688

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Plugin\PA.dll

Filesize
7KB

MD5
659e90c71374dc81a30e65488e8ebdd6

SHA1
e2170df6583daf11dbd71dacb46702ae48033381

SHA256
3b053d5a53609e10e688b0b83c330150977c140dd56817fe5acd9ee439f57839

SHA512
d64c435c9b626f77c61ce117a5d78bc67988365bfad8f77d49ca52dc2164a351dca4d6f1c433b1432ef835a75355906e8df33794c99f1b5149e493f8191af51f

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Plugin\RD.dll

Filesize
6KB

MD5
2ac8b3cf8d900994bf6c76dcd31af4cb

SHA1
311146a4bf214ca70c6e2db919f42e0215da21ef

SHA256
160ca753cd850647bae699a40cab21deed96cd1b73a4d1c14924aaef0a81aa8a

SHA512
120d9f2cbab25d53de16f66956f8c7c6aed9df9d7b4457dfb93a1ccc6cf832d71b43b9a6339767ee756d2c6798ab8fb73708aba8542a64e69f8e854e9939d790

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Plugin\SC.dll

Filesize
10KB

MD5
f003d358765e32183f7155d31051f39e

SHA1
72c8b00985518e06e4dccf7b428557bd8150fa93

SHA256
edf24004e879e42d855d18b0b8b43cef63f6b0ecc47b2050857673359913843c

SHA512
5562d3edb589a736e14fcfa8f47a0f39c4cbc11b0d1726e7c036c1033972100b8e32312ae3ff149fc011c1ed9f006099519f39622d648b946449dd0052af21fc

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Plugin\SI.dll

Filesize
30KB

MD5
3bc9f9ed0608c44a95bd8b69103cb703

SHA1
cdc9960472d35bb901eaf087f610580115d594ad

SHA256
681ec596b81fb09909912050b80525f963ca3a3711a944f990201a22796cbb13

SHA512
d2c236bae02f29756c6f79b9d1e84683c8d9fa604b44060867d9dba0339a431b04b1cd29693675bb0c597c1adee4519a8a7653d0b1b6c3b24fe2a33a17ecf8f2

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\RV.IL

Filesize
199KB

MD5
a582eb1e45710aff18fbce455daebbe6

SHA1
c14e7f277efa3f314147db4cae0279fecb5ad95a

SHA256
338a5080bdf746c1b3512c1ea37d313f6a96cc3a1da9d5111a19e84b669556f7

SHA512
2d8d3e071d8d1ae8953cac42636905b9213faff753d2697a40cc3d600586eeccc5ab2df4331aed351b9a1ce21470711a282a0b24f24ec6acc37363258d2b8497

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Revenge-RAT v0.3.exe

Filesize
13.7MB

MD5
531d8b4ac8f7eb827d62424169321b2b

SHA1
a269563cbfa32b667f89d709eebc0b6c08b57272

SHA256
6b2324bb337f722067e6c1b5cef5f64e89338e2beccf95289aaaa2af8a0556b9

SHA512
24fb3d7430cdd6fa4a80af2982f4334db722e97a0286e97bfc56600d27598710962641837a368a133d6f6a4bd8372f00e9dd49e9c79de14653cbf7360c3e2872

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Theme Compiler.exe

Filesize
489KB

MD5
32ca48211b21af0bcc003d4433319671

SHA1
17e7c3362bc9663ddd10a1add0b5f42bbe51bf83

SHA256
19c95ad5cf50f8c8273fcd4179c4878ebede832f9234955ac4fd4233b5b6a693

SHA512
7ce094cd520e5074ec45b9eb23a09e2adc177233de0f17e63cdca124817c3dab4e412c3868aaf24b3efdf67ab7c7f00409bceb38ed5fcfbfc7673de3632b866e

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Black Currant.XML

Filesize
317B

MD5
3273aa6daaea39093a5bfc7a9c448ffd

SHA1
4e60c621336aac17094e34c0d9826bc1b6f57293

SHA256
6dee1560c1fcda9679e9960b053c376c2ad62186842bde087017ceef2950091c

SHA512
5f74627587281009be19d6fd64061912590053f9ca789dc87af413a511c0f8debe634bd7362b8dfae3f8653c9f9a9ebb8226096dfacb7ec2c4bfa726d792db30

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Corduroy.XML

Filesize
302B

MD5
af02d76a4205a06fa026b104c9ef6f9c

SHA1
3b5b6caae1a61c73c6a2422e317f6423d3db7643

SHA256
48dc2474446183f0f7d565a48955164088b7138ca76267de75211c79bd8a1f73

SHA512
516bc4415c0e1b6eab1e13f50ebc5ffbaf17e023ca9e289bbe43ce0c542421c2b2974887294675640ed60ccd89579fadd5668121160e3722bba71e6d43815677

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Dark Slate Blue.XML

Filesize
321B

MD5
4ee421116803242935b0db92552b2c22

SHA1
d574c22cd452ba06b45751617a1c2dcafacfafbe

SHA256
fb14ef9e16577d763906c8e24ff08ac58a6818c191a6bdd8fbcea020566cd678

SHA512
a48f49c69fda221c6bb9209f83cf7cef5c444519ba81d1615270e328823905680c6022005aeaba3f94ad73663a70f5cf7a3632169b4639c3dee0f556267e09b2

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Darkness.XML

Filesize
296B

MD5
4a3574ead13dc1b45223ceb464a6fb34

SHA1
448a5fbcb0856d9b8641087948193d5894d1a1df

SHA256
48cd5ddf966916d1f4d5a58d2fcfecd4bcd85a3dedaa283ab3be27051d667819

SHA512
ad29360f11b66f0cd65f495e3c81c74ccc8b341ffd15fb2e1f2a6d23989688e8df92a37235dec315756fd9337b46775162939785e281feb48834ba65160993e5

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Default.XML

Filesize
288B

MD5
8236b11ddfa2da4eefdaea1fb5c5f055

SHA1
5c80687119c1b666af761b4504478581c156b535

SHA256
13f89672439f33200d4356090fc568b7fe708b27a40b419ce3f63e7c83efa775

SHA512
63cabfb5f2b369730b2380c6ad1004b0ac1a168a949804b9893cedd9cd12ebd5811595d7bd1a013f2b54362ffacef5fff1252f655a49d39c6475e984ad7e74c9

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Ebony.XML

Filesize
296B

MD5
33103b8550dc6d6dcfe385f9cc146226

SHA1
e3272f71903b05b182c27f53b7daefc72ff39a49

SHA256
9f7c09101b61a178f5a51fac6ac65bf8381673738707ee69ed407bb4107fb348

SHA512
433f9aa162bf93804b103acb73c546a465f583d645e4a8bea83939fe1e63e7aa6dfc6fdbdaa02c3e54327a9045a0681f37fd5e1218c00e14bc58e87dce721224

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Gondola.XML

Filesize
300B

MD5
e3a1e85c171912cf9213e03ac02c6c35

SHA1
3f0f1ec894a64d937bdfc928620fcbb7b93f00cd

SHA256
a3983b0389b6ae7377bf1802fccfb7bbb216eafcc3f95e258a84d73427c1ef66

SHA512
0eef0dbb311d62d131ec50543065bb4d08a2b826232a7cfd76a0182df55dcfcd31e7bba15c582b49c9532a32778e19260a0049e034be44921878310f7e2ae605

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Gray.XML

Filesize
298B

MD5
c360c5a4890a846e210217573c4369e5

SHA1
296e88635bb6c49a5a2beb321f661e1d3aa0d8f8

SHA256
d874360c198ec1d05ee51cb9c99e02eb37aa250860a3fd2e4a576359e7b2f1db

SHA512
61e0a69ae99bda0f08487d9da82eef0b62511107d8873ae8c2dc2b77a927358dbcfe9339238211adafd60164ebafacc6529bf86a40ac94e47260aa89aeace9f4

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Light Sea Green.XML

Filesize
323B

MD5
d3d24b215d15a0e339dc91fd26189a5f

SHA1
7a026dda5bb806f332bfe9be8be4edf961669e38

SHA256
645f74f9656dc5f750a5645502b86022c1fcbf729ef5e8b804c82af2e39c3452

SHA512
bdd4652806f23e16f7b140a2e281bfe617e5a91e1d29317715e4feacfb0d8533a6f988d190857be223f6e030f11c597602dae7a3686a181b97fcbf40ffe2f455

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Night Fury.XML

Filesize
307B

MD5
51c032e891ab547695e2723d6c0b1287

SHA1
d301c4d49e4ec9a6e179c852281d06c21abb7bc0

SHA256
9d88ff754399ca4e74f753278ef9e2bfc0fbdb7b0defd3b4f494599c36d6e1dc

SHA512
d4821d88f84c3de7212dd079e6736c8fc4de0177b57cf08958e079d9f537160bfa13ef6fb86726a977d8a10442f8637406562f536679e80b715f6850e992d876

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Spring Green.XML

Filesize
315B

MD5
c1d435ad6ae911790e6f6a2ca17d803c

SHA1
ef05b4167b30b6f9fcf02090666312e31cf03487

SHA256
1c65d88062b76f4762a318ff1161f727b19646994c9878a500abc4edd7a9f4d2

SHA512
9e933389020ff931dc43304c5aeafcf3c538ccf7781219d56e8d75025ee155196565c6bc28482a075709517e69439463912347ac90bd5dc0c7bf0c888529ea99

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Steel Blue.XML

Filesize
306B

MD5
ed01d03080b7cf3c8e3bcf8caf73a2f1

SHA1
970d9a55a6ce0c13419480371b4429c1896bdcfd

SHA256
3c630925eeca0801288f51cf0365e8346563f8cfd262892b356d29193c782667

SHA512
61533c46a96aecc651faacb835d707a15a7fb13d640f457d18f3ba7c6617e8766909b7b9d93fa2b6af494de5b1d7f044810b35e2e820248e4980d873642c544f

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\THE MYSTERIES LEGACY.XML

Filesize
325B

MD5
3602af02a52e807c21ecfa8db25bd408

SHA1
fc88cf1471f7a17df12a9d89f4bfb44f03f99deb

SHA256
d26312f0eaaac124594bb5fe6fa219d4ad3e8b42685573818ff5d225353f294d

SHA512
2d7565869851ed83149e9ac0a99350d34c6a3359d9e2d5cea35484b9f1593e49df40316628359ad4740f9ffdd1f1e65050502da68643016dcf4720b0cecaaf66

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Teal.XML

Filesize
297B

MD5
d1a1a69c33cde46574a4bafe3f0054fe

SHA1
1aebc07f2186066c14002542324d6173a30ca783

SHA256
e85f8194358700c90aaad5826d84501214a3e1a1ed4ca7ebff91084fbceb8afc

SHA512
ef0117e38bc4c724f0d68dd83c1fa14bbdcdd4c3f7c5a8126d4b21246ff28013e45701bb26931e3c847b0d59223de641c2d56edefe457027515580203031f582

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\Tsunamii.XML

Filesize
310B

MD5
12d0b85843812894deaffc88b5526e25

SHA1
8dfecdb2e252fc0dcaf731751ec9dd9b3d1bfa17

SHA256
da4e31adf92e4295bdbbf69443176ad76f482d10b8249b09012d7b562cdde91b

SHA512
e3b3cbfc815072670b96fb8fa34a3f565220c58df958e0d7903a5f4d0934a8f03ad420817663f3a0274c5594e3e3052b4877e788ebdd47dc90a97864a53643b0

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\Themes\v_B01 - 3hud.XML

Filesize
304B

MD5
9b5b47314d30716f4e88442b20fee35d

SHA1
39ff61fc3f2ecdc14a443edffca907eee71a9827

SHA256
59d401c1148c9ee03069bcde2828364e0375ca917aa5eec38d749b3fa534aca2

SHA512
b51f79d976a39c8e768dd5ce54690013064ff6e2e130feb35d95bcbc1c746105624a69784138e0b7ec714d41dcc46bdbf41e23cb580db8beacf7b7fe4eb893e2

Download Submit
C:\Users\Admin\Desktop\Revenge-RAT v0.3\WinMM.Net.dll

Filesize
43KB

MD5
d4b80052c7b4093e10ce1f40ce74f707

SHA1
2494a38f1c0d3a0aa9b31cf0650337cacc655697

SHA256
59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46

SHA512
3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450

Download Submit
memory/1612-318-0x000000001C780000-0x000000001C788000-memory.dmp

Filesize
32KB

Download
memory/1612-317-0x000000001D690000-0x000000001D6AA000-memory.dmp

Filesize
104KB

Download
memory/1612-347-0x00000000010A0000-0x00000000010B9000-memory.dmp

Filesize
100KB

Download
memory/1612-313-0x000000001D680000-0x000000001D68C000-memory.dmp

Filesize
48KB

Download
memory/1612-346-0x0000000000FE0000-0x0000000000FF4000-memory.dmp

Filesize
80KB

Download
memory/1612-355-0x0000000000FD0000-0x0000000000FDE000-memory.dmp

Filesize
56KB

Download
memory/1612-307-0x000000001C990000-0x000000001C9A2000-memory.dmp

Filesize
72KB

Download
memory/2408-277-0x000000001B090000-0x000000001B136000-memory.dmp

Filesize
664KB

Download
memory/2408-283-0x000000001D920000-0x000000001D9BC000-memory.dmp

Filesize
624KB

Download
memory/2408-276-0x000000001B6A0000-0x000000001BB6E000-memory.dmp

Filesize
4.8MB

Download
memory/2408-278-0x000000001C260000-0x000000001C2C2000-memory.dmp

Filesize
392KB

Download
memory/2408-282-0x000000001C2D0000-0x000000001C2DC000-memory.dmp

Filesize
48KB

Download
memory/2808-297-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-296-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-292-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-298-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-288-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-287-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-286-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-295-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-294-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/2808-293-0x000002A3E6950000-0x000002A3E6951000-memory.dmp

Filesize
4KB

Download
memory/4456-309-0x0000028D6E770000-0x0000028D6E782000-memory.dmp

Filesize
72KB

Download
memory/4456-224-0x00007FFBFA9B0000-0x00007FFBFB472000-memory.dmp

Filesize
10.8MB

Download
memory/4456-328-0x0000028D6C280000-0x0000028D6C28A000-memory.dmp

Filesize
40KB

Download
memory/4456-326-0x0000028D6C270000-0x0000028D6C280000-memory.dmp

Filesize
64KB

Download
memory/4456-223-0x00007FFBFA9B3000-0x00007FFBFA9B5000-memory.dmp

Filesize
8KB

Download
memory/4456-280-0x0000028D6E1F0000-0x0000028D6E206000-memory.dmp

Filesize
88KB

Download
memory/4456-217-0x00007FFBFA9B0000-0x00007FFBFB472000-memory.dmp

Filesize
10.8MB

Download
memory/4456-357-0x0000028D6C310000-0x0000028D6C36A000-memory.dmp

Filesize
360KB

Download
memory/4456-215-0x0000028D4F930000-0x0000028D506F4000-memory.dmp

Filesize
13.8MB

Download
memory/4456-214-0x00007FFBFA9B3000-0x00007FFBFA9B5000-memory.dmp

Filesize
8KB

Download
memory/4456-386-0x00007FFBFA9B0000-0x00007FFBFB472000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads