revengerat | 932470842c88f1315948ccc26be2b9340d051e5d6ec4b2ea5b64ddf625d9276a | Triage

Sharing

General

Target

21a4c0f3759bab8c5c9529503f527b40N.exe
Size

904KB
Sample

240726-sd4x6svdmn
MD5

21a4c0f3759bab8c5c9529503f527b40
SHA1

8fb2e521efb61a0bd53543596d94911b16a8124b
SHA256

932470842c88f1315948ccc26be2b9340d051e5d6ec4b2ea5b64ddf625d9276a
SHA512

70d8accfcac19dcbe6cb5bd7443790f31b16d4f3263f25f61fead3f4c7051903b264cf681c7315f2c3893561eaf0bf6deb38a28f4049c891629127db539dcf22
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa58:gh+ZkldoPK8YaKG8

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  21a4c0f3759bab8c5c9529503f527b40N.exe
- Size
  
  904KB
- MD5
  
  21a4c0f3759bab8c5c9529503f527b40
- SHA1
  
  8fb2e521efb61a0bd53543596d94911b16a8124b
- SHA256
  
  932470842c88f1315948ccc26be2b9340d051e5d6ec4b2ea5b64ddf625d9276a
- SHA512
  
  70d8accfcac19dcbe6cb5bd7443790f31b16d4f3263f25f61fead3f4c7051903b264cf681c7315f2c3893561eaf0bf6deb38a28f4049c891629127db539dcf22
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa58:gh+ZkldoPK8YaKG8
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan