revengerat | 1f9159f350d807216525b3b66262a77bc316e504a5ca2be4494157bfce320041 | Triage

Submit
Reports

Overview

overview

Static

static

7

Windows 10...er.exe

windows7-x64

Windows 10...er.exe

windows10-2004-x64

Sharing

General

Target

MDE_File_Sample_3e58d58abbf0803b5bdaf505a948ea2aa7302cb1.zip
Size

954KB
Sample

240610-nab1rsgf2v
MD5

210d14d9194b61f28ac5b5f763598666
SHA1

6eb1c94b85851aa2a2e7cec31cd367f27c495afb
SHA256

1f9159f350d807216525b3b66262a77bc316e504a5ca2be4494157bfce320041
SHA512

68f0e839ae47c714a4c9dde341a27fd49b6825604aefca1e3862bf85b5d2abaee63c4c1a2825095db032c723c7e3849cec41dfe68c0e307e8b90094e78bebe8e
SSDEEP

24576:gmJ9ZSet5y25qxe7xgccH+vcqVZclhfcD5zYysO/fKn/b5NOdh:9JXJtM25f7xlc8FYlhfgt5hynCdh

Score

10^/10

revengerat stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Windows 10 Setup Tool - CHIP-Installer.exe

Resource

win7-20240508-en

revengerat stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Windows 10 Setup Tool - CHIP-Installer.exe

Resource

win10v2004-20240226-en

revengerat stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Windows 10 Setup Tool - CHIP-Installer.exe
- Size
  
  1.5MB
- MD5
  
  9ac8e5d5cd3a2f24d73cd53f300d500a
- SHA1
  
  3e58d58abbf0803b5bdaf505a948ea2aa7302cb1
- SHA256
  
  ea82f1c9c0b0f71f3ef15ca54e6b805e6d8b14ee9520d65bb11b308a613d2c93
- SHA512
  
  fcf66353522ad08f33b8df31f67a50a9a5d0ae4471dffff3ea9c3f992ae82c9bdc360ee540c9e47dc302dc608b213ca53cb22e04d4673f2d6708db2ac0856504
- SSDEEP
  
  24576:tq5TfcdHj4fmbK2qYjzKJ9Ttr8QKPvxriRfgpk7yjFzQJ9TtFkQKP5q4IRfG4vki:tUTsamOxz5+Lpk7j5p24vk7O
Score

10^/10

revengerat stealer trojan upx
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratstealertrojanupx

behavioral2

revengeratstealertrojanupx

© 2018-2024

Terms | Privacy