revengerat | b5fc127b3ab0a786825dbcfbd811a9c18c91e683ef906b385cd874cfe2c7f4b8 | Triage

Sharing

General

Target

878ea231e702050cb928769f99652980N.exe
Size

903KB
Sample

240814-3q2cxsxdrp
MD5

878ea231e702050cb928769f99652980
SHA1

eefcdfabaffb3221bd2acf0daf089ac2174a376e
SHA256

b5fc127b3ab0a786825dbcfbd811a9c18c91e683ef906b385cd874cfe2c7f4b8
SHA512

124c2702353b0c77ad023051153062eed6ff7077caa3ee83499faa01aa6c12a15b7664f8a1b5723982b5a616d013309e2ddd0c4d604d21063afdc3033e832c83
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa53:gh+ZkldoPK8YaKG3

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  878ea231e702050cb928769f99652980N.exe
- Size
  
  903KB
- MD5
  
  878ea231e702050cb928769f99652980
- SHA1
  
  eefcdfabaffb3221bd2acf0daf089ac2174a376e
- SHA256
  
  b5fc127b3ab0a786825dbcfbd811a9c18c91e683ef906b385cd874cfe2c7f4b8
- SHA512
  
  124c2702353b0c77ad023051153062eed6ff7077caa3ee83499faa01aa6c12a15b7664f8a1b5723982b5a616d013309e2ddd0c4d604d21063afdc3033e832c83
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa53:gh+ZkldoPK8YaKG3
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan