revengerat | 05233a50ac2c427372ab8475a2f4dc5f031f87af0cc916dc824a2c66837afc4e | Triage

Sharing

General

Target

MID REF. QT-MID19=11777.exe
Size

991KB
Sample

210607-l73rvl7mvx
MD5

39082bcd7e25ae956fccb7e941d5256d
SHA1

8b4f9fd2198af765dcce75c0222919c638e4fa29
SHA256

05233a50ac2c427372ab8475a2f4dc5f031f87af0cc916dc824a2c66837afc4e
SHA512

dff7aba7f2e5bb65d1aa506a1f6770f4f7761aa17f28bfcdaca407b0aa7ae3b6bf0fd3599fc0dd979418313c4aa26930aec99ed89ba420811cdce9010940f41c

Score

10^/10

revengerat degrace trojan

Malware Config

Extracted

Family

revengerat

Botnet

DEGRACE

C2

77.247.110.178:5040

Mutex

RV_MUTEX-MB4S0YIGA6UFWH10GXQLHP

Targets

- Target
  
  MID REF. QT-MID19=11777.exe
- Size
  
  991KB
- MD5
  
  39082bcd7e25ae956fccb7e941d5256d
- SHA1
  
  8b4f9fd2198af765dcce75c0222919c638e4fa29
- SHA256
  
  05233a50ac2c427372ab8475a2f4dc5f031f87af0cc916dc824a2c66837afc4e
- SHA512
  
  dff7aba7f2e5bb65d1aa506a1f6770f4f7761aa17f28bfcdaca407b0aa7ae3b6bf0fd3599fc0dd979418313c4aa26930aec99ed89ba420811cdce9010940f41c
Score

10^/10

revengerat degrace trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratdegracetrojan

behavioral2

revengeratdegracetrojan