General
-
Target
Antidetect Patreon Premium Edition.zip
-
Size
82.1MB
-
Sample
250404-gbp6fstjz7
-
MD5
da6fca9875d015d473903253b4fbc91b
-
SHA1
3d77d4d890f90c10ff2b2e8634b0d4bee4b32a0c
-
SHA256
09783e351572f295ff6f902cbb3dda590ce05d42af46b370c3c689fd84262282
-
SHA512
f73bb19d6e730a43668ff9dc5a895ffd251d66129bc36f96a4106acd3aba66c5be5869ee8c3233a26ac2d5c8262654ddce39a789a05a7827b46995b5cb5801fd
-
SSDEEP
1572864:7LG+Gd3iKuMbp6+X2X0RKKjPdo8C0s9kN7irwYk:DP5FERKErpirwYk
Malware Config
Extracted
revengerat
NYAN-CAT
blog.capeturk.com:1111
RV_MUTEX-FZMONFueOciq
Targets
-
-
Target
Antidetect Patreon Premium Edition/Antidetect Patreon Premium Edition 2022.exe
-
Size
84.3MB
-
MD5
b4bceed650b2162007040ce71b3a94a6
-
SHA1
810bd44e0f3d3efdf1ec7923c54d5a86ecb5799a
-
SHA256
316e21b3e68b522fc33f29723770f031ca472f39c6b192f3e4534b5198652372
-
SHA512
3355173305b03120b4db20c92765c4c84db0ff75d0305e7a1192cea6a4c0ab64fbe9838c2c3185458eb5aed967347276b2d78cba0c55753694a21b9b04aa480c
-
SSDEEP
1572864:O96ytL1hdHOZJGF2qDdNy00uNhM/IiafGhoZyV4CSS17IAs7lZJbKpg4:ODBpOSFZRNy+NhM/2ZkP7RalZJ+pg
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Revengerat family
-
RevengeRat Executable
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1