revengerat | 0259988df01a82ad5936bc17d01a96b07b8bd530790bf47277535edef3100ffc | Triage

Submit
Reports

Overview

overview

Static

static

1

Client.bat

windows10-1703-x64

Client.bat

windows10-2004-x64

Client.bat

windows11-21h2-x64

Sharing

General

Target

Client.bat
Size

265KB
Sample

240611-g78bxaxelf
MD5

01e96014af705a61d5ca83d367517549
SHA1

403b1418e8ff1b7bb218cf87bfb7cc45905ea3e1
SHA256

0259988df01a82ad5936bc17d01a96b07b8bd530790bf47277535edef3100ffc
SHA512

af19bf403f1204bef43d12b9c6872a0e67da2f8a6d168dd14481968c5d418fa982a3aa8677f7b011f39314ef6a351e785af3d46e692443cc23ea1fa3b2cbb7d2
SSDEEP

6144:c5G5RlzeUqntbabTty2g13glFyDZdCq0PfxGY:c5G5RUUguTE31QqddT0PZGY

Score

10^/10

revengerat execution stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Client.bat

Resource

win10-20240404-en

revengerat execution stealer trojan

windows10-1703-x64

9 signatures

60 seconds

Behavioral task

behavioral2

Sample

Client.bat

Resource

win10v2004-20240426-en

revengerat execution stealer trojan

windows10-2004-x64

12 signatures

60 seconds

Behavioral task

behavioral3

Sample

Client.bat

Resource

win11-20240426-en

revengerat execution stealer trojan

windows11-21h2-x64

9 signatures

60 seconds

Malware Config

Extracted

Family

revengerat

Mutex

Targets

- Target
  
  Client.bat
- Size
  
  265KB
- MD5
  
  01e96014af705a61d5ca83d367517549
- SHA1
  
  403b1418e8ff1b7bb218cf87bfb7cc45905ea3e1
- SHA256
  
  0259988df01a82ad5936bc17d01a96b07b8bd530790bf47277535edef3100ffc
- SHA512
  
  af19bf403f1204bef43d12b9c6872a0e67da2f8a6d168dd14481968c5d418fa982a3aa8677f7b011f39314ef6a351e785af3d46e692443cc23ea1fa3b2cbb7d2
- SSDEEP
  
  6144:c5G5RlzeUqntbabTty2g13glFyDZdCq0PfxGY:c5G5RUUguTE31QqddT0PZGY
Score

10^/10

revengerat execution stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratexecutionstealertrojan

behavioral2

revengeratexecutionstealertrojan

behavioral3

revengeratexecutionstealertrojan

© 2018-2024

Terms | Privacy