revengerat | c516c1a413288af6311756bf33692d514d811e9d7dbbc7d873065f8bae6f32bb | Triage

Submit
Reports

Overview

overview

Static

static

3

Claws.exe

windows10-ltsc_2021-x64

Sharing

General

Target

Claws.exe
Size

169KB
Sample

250413-bk12esv1ez
MD5

7722c519958c86885ca19a7d9940b9c8
SHA1

bb0c80aa03b1b9f3675f0a827a35f54d73b83a15
SHA256

c516c1a413288af6311756bf33692d514d811e9d7dbbc7d873065f8bae6f32bb
SHA512

c0591c7f8682a643a5d41d3add9464a2bac2bc86b70b8b67613cb20f7f40d607deb64e9bf823c9cf4991547ff42c6f1279e548b54dbab954bad24cdc9b65006b
SSDEEP

3072:YLb2/QzfuruwSg1YyRyaAlYLC1ERXEqYPhVdU9HOcLkl+KUS:5M2OWYGyLlYW2uKBOcAUS

Score

10^/10

revengerat discovery persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Claws.exe

Resource

win10ltsc2021-20250410-en

revengerat discovery persistence stealer trojan

windows10-ltsc_2021-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Claws.exe
- Size
  
  169KB
- MD5
  
  7722c519958c86885ca19a7d9940b9c8
- SHA1
  
  bb0c80aa03b1b9f3675f0a827a35f54d73b83a15
- SHA256
  
  c516c1a413288af6311756bf33692d514d811e9d7dbbc7d873065f8bae6f32bb
- SHA512
  
  c0591c7f8682a643a5d41d3add9464a2bac2bc86b70b8b67613cb20f7f40d607deb64e9bf823c9cf4991547ff42c6f1279e548b54dbab954bad24cdc9b65006b
- SSDEEP
  
  3072:YLb2/QzfuruwSg1YyRyaAlYLC1ERXEqYPhVdU9HOcLkl+KUS:5M2OWYGyLlYW2uKBOcAUS
Score

10^/10

revengerat discovery persistence stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratdiscoverypersistencestealertrojan

© 2018-2025

Terms | Privacy