revengerat | 9ef9c14e2af24dd1a3cfd832e000416404600328cc651da264fb76e1b1fbcada | Triage

Sharing

General

Target

135d4155bc223bfa3d62664b13f1e260N.exe
Size

904KB
Sample

240815-rg7msswale
MD5

135d4155bc223bfa3d62664b13f1e260
SHA1

55e88f7cc18822bb34e06029e3ed09e09928d4a4
SHA256

9ef9c14e2af24dd1a3cfd832e000416404600328cc651da264fb76e1b1fbcada
SHA512

efaf8d329fde0a8eea9bfdea45d100b65d94ce9c2c02a3e3e2116b952e1374a67375e79e9c88ae5c0ff37292d7a55f3aa1c390fd606db2a96d580d47150d5a97
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5A:gh+ZkldoPK8YaKGA

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  135d4155bc223bfa3d62664b13f1e260N.exe
- Size
  
  904KB
- MD5
  
  135d4155bc223bfa3d62664b13f1e260
- SHA1
  
  55e88f7cc18822bb34e06029e3ed09e09928d4a4
- SHA256
  
  9ef9c14e2af24dd1a3cfd832e000416404600328cc651da264fb76e1b1fbcada
- SHA512
  
  efaf8d329fde0a8eea9bfdea45d100b65d94ce9c2c02a3e3e2116b952e1374a67375e79e9c88ae5c0ff37292d7a55f3aa1c390fd606db2a96d580d47150d5a97
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5A:gh+ZkldoPK8YaKGA
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan