revengerat | 86ff5481ed934d43bc54c3a0d9989958c0de24aec0fb74404dac36a594193ed2 | Triage

Sharing

General

Target

Inquiry for PR#4200027219 2.exe
Size

999KB
Sample

210607-dtg136l3be
MD5

97ef10ac31850230463b782f6739b5b5
SHA1

4d371844e5961b734c69da1d51d288b295a40961
SHA256

86ff5481ed934d43bc54c3a0d9989958c0de24aec0fb74404dac36a594193ed2
SHA512

d465dcd228c6920e31030fa06b8168815081a9012f6c3fc45de853537058b13de716cebb1af6964dab0ecdfb33969ea3e247da9081c5b7e13f24e1d0c15c5a60

Score

10^/10

revengerat degrace trojan

Malware Config

Extracted

Family

revengerat

Botnet

DEGRACE

C2

77.247.110.178:5040

Mutex

RV_MUTEX-MB4S0YIGA6UFWH10GXQLHP

Targets

- Target
  
  Inquiry for PR#4200027219 2.exe
- Size
  
  999KB
- MD5
  
  97ef10ac31850230463b782f6739b5b5
- SHA1
  
  4d371844e5961b734c69da1d51d288b295a40961
- SHA256
  
  86ff5481ed934d43bc54c3a0d9989958c0de24aec0fb74404dac36a594193ed2
- SHA512
  
  d465dcd228c6920e31030fa06b8168815081a9012f6c3fc45de853537058b13de716cebb1af6964dab0ecdfb33969ea3e247da9081c5b7e13f24e1d0c15c5a60
Score

10^/10

revengerat degrace trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratdegracetrojan

behavioral2

revengeratdegracetrojan