revengerat | cb9bb33d33ae493a7616a62cae19fb7c127c596a834543e78735e894d4225f42 | Triage

Sharing

General

Target

Client.exe
Size

5.0MB
Sample

240727-znkqls1fnf
MD5

6663483929f325b3fe2f8a351787aebf
SHA1

eaef70212f2f361a3167340d7c76e07246f1e427
SHA256

cb9bb33d33ae493a7616a62cae19fb7c127c596a834543e78735e894d4225f42
SHA512

12d51bd6328fd6a7572c97fdd3ac7b5d74dfd1379d5553f890af6c5a2effa65c61ecb78588fddac239881391ed9e2831f65a6f70e83a7047b980bcd4cb501eb9
SSDEEP

3072:iEQ5B9LypBTl57/zzTx+feymDt9SYzOP+:iupBvLzTIf4Df7zOP+

Score

10^/10

revengerat guest discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.eu.ngrok.io:8848

Mutex

RV_MUTEX

Targets

- Target
  
  Client.exe
- Size
  
  5.0MB
- MD5
  
  6663483929f325b3fe2f8a351787aebf
- SHA1
  
  eaef70212f2f361a3167340d7c76e07246f1e427
- SHA256
  
  cb9bb33d33ae493a7616a62cae19fb7c127c596a834543e78735e894d4225f42
- SHA512
  
  12d51bd6328fd6a7572c97fdd3ac7b5d74dfd1379d5553f890af6c5a2effa65c61ecb78588fddac239881391ed9e2831f65a6f70e83a7047b980bcd4cb501eb9
- SSDEEP
  
  3072:iEQ5B9LypBTl57/zzTx+feymDt9SYzOP+:iupBvLzTIf4Df7zOP+
Score

10^/10

revengerat guest discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

guestrevengerat

behavioral1

revengeratguestdiscoverytrojan