revengerat | 8ef692bc1808ce731aebee08f730c9d0a5b6d4695dafab2d420201247f717fc8 | Triage

Submit
Reports

Overview

overview

Static

static

1

Client.bat

windows7-x64

8

Client.bat

windows10-1703-x64

Client.bat

windows10-2004-x64

Client.bat

windows11-21h2-x64

Sharing

General

Target

Client.bat
Size

286KB
Sample

240611-fxvsdswapc
MD5

63c935a02276c2876f0f40f6ca93de5b
SHA1

06f5951a19367f0d348c0ba4055b42aa2ffcc724
SHA256

8ef692bc1808ce731aebee08f730c9d0a5b6d4695dafab2d420201247f717fc8
SHA512

be0cc7ac331c5613cb567749e0d1b76730620fbb6440a9a2a4a4bfdc719fdd49e466b2685fe0133e77e794f1c49bf7cdcca391e564b3ca8979c5ed6529adae79
SSDEEP

6144:P2xqkImYc6Cyaf3OXrio+jPv1Ra4LfIb55oXNs7attGR9:+qgVylXrio+Tt4rN5ci7a2R9

Score

10^/10

revengerat execution stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Client.bat

Resource

win7-20240215-en

windows7-x64

5 signatures

60 seconds

Behavioral task

behavioral2

Sample

Client.bat

Resource

win10-20240404-en

revengerat execution stealer trojan

windows10-1703-x64

11 signatures

60 seconds

Behavioral task

behavioral3

Sample

Client.bat

Resource

win10v2004-20240508-en

revengerat execution stealer trojan

windows10-2004-x64

15 signatures

60 seconds

Behavioral task

behavioral4

Sample

Client.bat

Resource

win11-20240508-en

revengerat execution stealer trojan

windows11-21h2-x64

9 signatures

60 seconds

Malware Config

Targets

- Target
  
  Client.bat
- Size
  
  286KB
- MD5
  
  63c935a02276c2876f0f40f6ca93de5b
- SHA1
  
  06f5951a19367f0d348c0ba4055b42aa2ffcc724
- SHA256
  
  8ef692bc1808ce731aebee08f730c9d0a5b6d4695dafab2d420201247f717fc8
- SHA512
  
  be0cc7ac331c5613cb567749e0d1b76730620fbb6440a9a2a4a4bfdc719fdd49e466b2685fe0133e77e794f1c49bf7cdcca391e564b3ca8979c5ed6529adae79
- SSDEEP
  
  6144:P2xqkImYc6Cyaf3OXrio+jPv1Ra4LfIb55oXNs7attGR9:+qgVylXrio+Tt4rN5ci7a2R9
Score

10^/10

execution revengerat stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

revengeratexecutionstealertrojan

behavioral3

revengeratexecutionstealertrojan

behavioral4

revengeratexecutionstealertrojan

© 2018-2024

Terms | Privacy