revengerat | ef7e26f9256f7c41a9c0834cce3ba599c4cbcc857ab87a7fcc4b50ccebe5b813 | Triage

Sharing

General

Target

Inquiry for PR#420002721.exe
Size

1.5MB
Sample

210607-98pvybcl3j
MD5

dde13188551677147b0011ba37b4c844
SHA1

055c798b8e54c4079a8b16df421571d09b5dc7b6
SHA256

ef7e26f9256f7c41a9c0834cce3ba599c4cbcc857ab87a7fcc4b50ccebe5b813
SHA512

3d8ad5274902b4e94fd49fab1879a8dead74656e4904d690813239874e4b4ff0bf9dab18bb6e9524bfebd2788c86d25f803f57833bde16feb045242664a5fb5e

Score

10^/10

revengerat degrace trojan

Malware Config

Extracted

Family

revengerat

Botnet

DEGRACE

C2

77.247.110.178:5040

Mutex

RV_MUTEX-MB4S0YIGA6UFWH10GXQLHP

Targets

- Target
  
  Inquiry for PR#420002721.exe
- Size
  
  1.5MB
- MD5
  
  dde13188551677147b0011ba37b4c844
- SHA1
  
  055c798b8e54c4079a8b16df421571d09b5dc7b6
- SHA256
  
  ef7e26f9256f7c41a9c0834cce3ba599c4cbcc857ab87a7fcc4b50ccebe5b813
- SHA512
  
  3d8ad5274902b4e94fd49fab1879a8dead74656e4904d690813239874e4b4ff0bf9dab18bb6e9524bfebd2788c86d25f803f57833bde16feb045242664a5fb5e
Score

10^/10

revengerat degrace trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratdegracetrojan

behavioral2

revengeratdegracetrojan