revengerat | 37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69 | Triage

Sharing

General

Target

37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69
Size

55KB
Sample

220502-wxedeafcej
MD5

e62a598e2a43efb4aa080455d70ad9c4
SHA1

ec296fd2130c41479c9743fb93cdaab8675882d6
SHA256

37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69
SHA512

593e714e18181f95b2f25bc556f0ee3e9ed26981d4611eeb7516c7453405387562ab693dd24df39019d226e14352b4095fe8a787e4c8723fa1e51649d9000d29

Score

10^/10

revengerat mr_ahmed trojan

Malware Config

Extracted

Family

revengerat

Botnet

MR_ahmed

C2

192.168.1.2:333

Mutex

9f8d2a8cc3e644

Targets

- Target
  
  37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69
- Size
  
  55KB
- MD5
  
  e62a598e2a43efb4aa080455d70ad9c4
- SHA1
  
  ec296fd2130c41479c9743fb93cdaab8675882d6
- SHA256
  
  37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69
- SHA512
  
  593e714e18181f95b2f25bc556f0ee3e9ed26981d4611eeb7516c7453405387562ab693dd24df39019d226e14352b4095fe8a787e4c8723fa1e51649d9000d29
Score

10^/10

revengerat mr_ahmed trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

revengeratmr_ahmedtrojan