The trojan gathers system data and transfers it to C&C servers, Revenge RAT can be used to receive malicious ASM code and executed it in memory, and to manipulate the system registry with given values. In addition, the dropper installs another trojan – WSHRAT, the encrypted code of which is also contained in the Microsoft.vbs file. This trojan can be purchased by any attacker on the underground forums, and its current version has a wider range of capabilities than the Revenge RAT. WSHRAT is configured to exfiltrate information harvested from multiple browsers, act as a keylogger, and execute files.
It has not yet been established how this malware is distributed in the wild and who its main targets are. You can learn more about Revenge RAT and download the rules for its detection on Threat Detection Marketplace: https://tdm.socprime.com/att-ck/
You can also leverage the rules to detect malicious use of PowerShell commands to stop the attack in the early stages: https://tdm.socprime.com/