revengerat | 623e5ce3cdf816238685c37cc091c01ec3131aa0982291864b221b991ad7df1f | Triage

Submit
Reports

Overview

overview

Static

static

5

623e5ce3cd...1f.exe

windows7-x64

623e5ce3cd...1f.exe

windows10-2004-x64

Sharing

General

Target

623e5ce3cdf816238685c37cc091c01ec3131aa0982291864b221b991ad7df1f
Size

951KB
Sample

240723-1527na1hmq
MD5

e8a18522ac420c41bf960009251519de
SHA1

233dafbc95ef3047d8ce6b292683962115179b27
SHA256

623e5ce3cdf816238685c37cc091c01ec3131aa0982291864b221b991ad7df1f
SHA512

206a209945373d8cf1d8ddb38453195c3180372220958c82aaab84312d256003dd07f8947f8bc8dd89e1653a696d7dc6a6c0708cacb75d526e40f61a99527802
SSDEEP

24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Y:Rh+ZkldDPK8YaKjY

Score

10^/10

revengerat marzo26 discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

623e5ce3cdf816238685c37cc091c01ec3131aa0982291864b221b991ad7df1f.exe

Resource

win7-20240705-en

revengerat marzo26 discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

623e5ce3cdf816238685c37cc091c01ec3131aa0982291864b221b991ad7df1f.exe

Resource

win10v2004-20240709-en

revengerat marzo26 discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  623e5ce3cdf816238685c37cc091c01ec3131aa0982291864b221b991ad7df1f
- Size
  
  951KB
- MD5
  
  e8a18522ac420c41bf960009251519de
- SHA1
  
  233dafbc95ef3047d8ce6b292683962115179b27
- SHA256
  
  623e5ce3cdf816238685c37cc091c01ec3131aa0982291864b221b991ad7df1f
- SHA512
  
  206a209945373d8cf1d8ddb38453195c3180372220958c82aaab84312d256003dd07f8947f8bc8dd89e1653a696d7dc6a6c0708cacb75d526e40f61a99527802
- SSDEEP
  
  24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Y:Rh+ZkldDPK8YaKjY
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan

© 2018-2024

Terms | Privacy