revengerat | 6ea4a97b20f89400c87256d7298ff2804a29d0d9a7383e6a61009a7106010ef7 | Triage

Sharing

General

Target

6ea4a97b20f89400c87256d7298ff2804a29d0d9a7383e6a61009a7106010ef7
Size

758KB
Sample

240612-l1py7sthkr
MD5

5c48a1ce93bf262a25bb6ba4a8250b6a
SHA1

6797a91bb7f9f1c65dd51b7d5193ac1a99889687
SHA256

6ea4a97b20f89400c87256d7298ff2804a29d0d9a7383e6a61009a7106010ef7
SHA512

bfd1553d9d0661685b9aac1d228374df16f67781a39b3762ff5608fbc1a2d39291a97ce724f408969c8d833ee8c28c809bf45927a9ae3e0a329021359f56afe2
SSDEEP

12288:5YiMhXO6LQc1zYvLGa8IhkB7dpmyA2RiSoch3cd16Z/NPclYXNpV9Y5Hpk99sxLO:5YiMhXnGDV8NB7dFL2d16ZVampPY5HI1

Score

10^/10

revengerat bootkit persistence stealer

Malware Config

Targets

- Target
  
  6ea4a97b20f89400c87256d7298ff2804a29d0d9a7383e6a61009a7106010ef7
- Size
  
  758KB
- MD5
  
  5c48a1ce93bf262a25bb6ba4a8250b6a
- SHA1
  
  6797a91bb7f9f1c65dd51b7d5193ac1a99889687
- SHA256
  
  6ea4a97b20f89400c87256d7298ff2804a29d0d9a7383e6a61009a7106010ef7
- SHA512
  
  bfd1553d9d0661685b9aac1d228374df16f67781a39b3762ff5608fbc1a2d39291a97ce724f408969c8d833ee8c28c809bf45927a9ae3e0a329021359f56afe2
- SSDEEP
  
  12288:5YiMhXO6LQc1zYvLGa8IhkB7dpmyA2RiSoch3cd16Z/NPclYXNpV9Y5Hpk99sxLO:5YiMhXnGDV8NB7dFL2d16ZVampPY5HI1
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  ece25721125d55aa26cdfe019c871476
- SHA1
  
  b87685ae482553823bf95e73e790de48dc0c11ba
- SHA256
  
  c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
- SHA512
  
  4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
- SSDEEP
  
  384:EXsC43tPegZ3eBaRwCPOYY7nNYXC06/Yosa:EXJTgZ3eBTCmrnNA5p
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  68b287f4067ba013e34a1339afdb1ea8
- SHA1
  
  45ad585b3cc8e5a6af7b68f5d8269c97992130b3
- SHA256
  
  18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
- SHA512
  
  06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
- SSDEEP
  
  48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10
behavioral10 behavioral9
- Target
  
  JCleaner.exe
- Size
  
  1.3MB
- MD5
  
  19f92c663d5e9b226309aa87e28261d2
- SHA1
  
  64cea83eb6ee0643ed6f3336b232a6ce9a47eaa5
- SHA256
  
  8a1e45ec8a5b3c0bd3113ef6ce28a6835584b3fd00e3c2dfd43fb2e97747722f
- SHA512
  
  0fef84f11855566cf143deea4162b79e8dad005701797cf1cc09ff3306ecd5e066937cf4feedad7c7450a3f1392cd9ffdd3836579e38e8a8d7f28c37aad44e19
- SSDEEP
  
  24576:TME34JHXxFD2RAh3DK230OSRBF8EdCmD4HzGb2G:dQHhMAVDK23/YzdCY4Sn
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11 behavioral12
- Target
  
  Schedule.exe
- Size
  
  109KB
- MD5
  
  728a2c9b29e3e741a8877e8dd87bd448
- SHA1
  
  3bf3b8c9a9e5b5acc40a544a2545509e7943f97a
- SHA256
  
  bbab8ac10079facf49878a389a3462757f031499c5b954d386c641e42733a937
- SHA512
  
  2c9be16a1d60a8cdfeeb8baf74479478649e3d28ad537f005a874b3f36450ff91fe16148c25228e440379ab7683519c4abc22ada35cde3ef9b787f7d5e872f13
- SSDEEP
  
  1536:Hu5nmlloRM/T7t/Gzp4+PFpK1l7t/Gzq4+PFTKiEvNzTYwNQ+8iAi:Hu5uloRMLlEppW1llEqpAiEvNnkDi
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

stealerrevengerat

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

bootkitpersistence

behavioral12

bootkitpersistence

behavioral13

behavioral14