Overview

overview

10

Static

static

5

475f23cc76...0N.exe

windows7-x64

10

475f23cc76...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    475f23cc765f0a979154fad8a2bff570N.exe

  • Size

    904KB

  • Sample

    240801-gt9b2szepf

  • MD5

    475f23cc765f0a979154fad8a2bff570

  • SHA1

    8890fbcc0f424ccfa15dbacc3b14ffb987f617fb

  • SHA256

    b167604d7b47ff41a239684323f31f0161f127c21763f010c39e0ca1a3fb9991

  • SHA512

    d2b6f91ddfb07110785a84e58ce1d5df78efa773cc91e19874121c91f83934646928b5ae7e0719aa7bdceb98426ed87197fe9b2061675ee9b7cb754269fe23c6

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5F:gh+ZkldoPK8YaKGF

Score
10/10
revengeratmarzo26discoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      475f23cc765f0a979154fad8a2bff570N.exe

    • Size

      904KB

    • MD5

      475f23cc765f0a979154fad8a2bff570

    • SHA1

      8890fbcc0f424ccfa15dbacc3b14ffb987f617fb

    • SHA256

      b167604d7b47ff41a239684323f31f0161f127c21763f010c39e0ca1a3fb9991

    • SHA512

      d2b6f91ddfb07110785a84e58ce1d5df78efa773cc91e19874121c91f83934646928b5ae7e0719aa7bdceb98426ed87197fe9b2061675ee9b7cb754269fe23c6

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5F:gh+ZkldoPK8YaKGF

    Score
    10/10
    revengeratmarzo26discoverytrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks