revengerat | ddcca004e01c764a4bcaafbb2369a06dbe35d9b89aeda693ba97fed28b07f4ad | Triage

Sharing

General

Target

fd7fb37c9f59f612bbdbf4f015e41e40N.exe
Size

904KB
Sample

240816-29xcmstckg
MD5

fd7fb37c9f59f612bbdbf4f015e41e40
SHA1

0f856ef8f59234c444ba46c0617c376b14806f05
SHA256

ddcca004e01c764a4bcaafbb2369a06dbe35d9b89aeda693ba97fed28b07f4ad
SHA512

69a56e2c006a53c9574805db4791fde5be2dfbe06156e9f61264e2e5238d45974bc98396851019d780c09aa25d0de4792747303b2e790ca5da8cab2a85532e05
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5C:gh+ZkldoPK8YaKGC

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  fd7fb37c9f59f612bbdbf4f015e41e40N.exe
- Size
  
  904KB
- MD5
  
  fd7fb37c9f59f612bbdbf4f015e41e40
- SHA1
  
  0f856ef8f59234c444ba46c0617c376b14806f05
- SHA256
  
  ddcca004e01c764a4bcaafbb2369a06dbe35d9b89aeda693ba97fed28b07f4ad
- SHA512
  
  69a56e2c006a53c9574805db4791fde5be2dfbe06156e9f61264e2e5238d45974bc98396851019d780c09aa25d0de4792747303b2e790ca5da8cab2a85532e05
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5C:gh+ZkldoPK8YaKGC
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan