revengerat | e09930dcdeed8a5239a7735b759ee8ff7b9cb0316422a524de95a9436e722f9d | Triage

Sharing

General

Target

317aff6b4325d381399328707177b130N.exe
Size

903KB
Sample

240801-de1vksyaqr
MD5

317aff6b4325d381399328707177b130
SHA1

0f78ccc85108a668f8572cc5cfd9921e8239a7d2
SHA256

e09930dcdeed8a5239a7735b759ee8ff7b9cb0316422a524de95a9436e722f9d
SHA512

a90c4478ca26d66e28e0b2258b7ad043048af8ce3d602bca107a572c4378be1912320e28770eeec457608c0e2861e0ed31876a8b08f2bb90226ad756c285708c
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5v:gh+ZkldoPK8YaKGv

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  317aff6b4325d381399328707177b130N.exe
- Size
  
  903KB
- MD5
  
  317aff6b4325d381399328707177b130
- SHA1
  
  0f78ccc85108a668f8572cc5cfd9921e8239a7d2
- SHA256
  
  e09930dcdeed8a5239a7735b759ee8ff7b9cb0316422a524de95a9436e722f9d
- SHA512
  
  a90c4478ca26d66e28e0b2258b7ad043048af8ce3d602bca107a572c4378be1912320e28770eeec457608c0e2861e0ed31876a8b08f2bb90226ad756c285708c
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5v:gh+ZkldoPK8YaKGv
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan