Overview

overview

10

Static

static

5

21a4c0f375...0N.exe

windows7-x64

10

21a4c0f375...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21a4c0f3759bab8c5c9529503f527b40N.exe

  • Size

    904KB

  • Sample

    240726-sd4x6svdmn

  • MD5

    21a4c0f3759bab8c5c9529503f527b40

  • SHA1

    8fb2e521efb61a0bd53543596d94911b16a8124b

  • SHA256

    932470842c88f1315948ccc26be2b9340d051e5d6ec4b2ea5b64ddf625d9276a

  • SHA512

    70d8accfcac19dcbe6cb5bd7443790f31b16d4f3263f25f61fead3f4c7051903b264cf681c7315f2c3893561eaf0bf6deb38a28f4049c891629127db539dcf22

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa58:gh+ZkldoPK8YaKG8

Score
10/10
revengeratmarzo26discoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      21a4c0f3759bab8c5c9529503f527b40N.exe

    • Size

      904KB

    • MD5

      21a4c0f3759bab8c5c9529503f527b40

    • SHA1

      8fb2e521efb61a0bd53543596d94911b16a8124b

    • SHA256

      932470842c88f1315948ccc26be2b9340d051e5d6ec4b2ea5b64ddf625d9276a

    • SHA512

      70d8accfcac19dcbe6cb5bd7443790f31b16d4f3263f25f61fead3f4c7051903b264cf681c7315f2c3893561eaf0bf6deb38a28f4049c891629127db539dcf22

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa58:gh+ZkldoPK8YaKG8

    Score
    10/10
    revengeratmarzo26discoverytrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks