revengerat | dc9f9ea5a8dc888825beff4a93f9b4909d4f55b83d1bb19360aec3e5aa53568d | Triage

Sharing

General

Target

dc9f9ea5a8dc888825beff4a93f9b4909d4f55b83d1bb19360aec3e5aa53568d
Size

903KB
Sample

240817-graeya1alg
MD5

ae83bfc2f6148d415179d7d37ee7c704
SHA1

a1362d21cb6f823709453a18ec37839e247d73a8
SHA256

dc9f9ea5a8dc888825beff4a93f9b4909d4f55b83d1bb19360aec3e5aa53568d
SHA512

92444ffd4e65986a9aae10faa34ef83d1d265187c9174de4ebe366dd2b0124bc3096400204c2b1b875433d8b578a79139793cc971daaa609da07d8a088ae68b5
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5V:gh+ZkldoPK8YaKGV

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  dc9f9ea5a8dc888825beff4a93f9b4909d4f55b83d1bb19360aec3e5aa53568d
- Size
  
  903KB
- MD5
  
  ae83bfc2f6148d415179d7d37ee7c704
- SHA1
  
  a1362d21cb6f823709453a18ec37839e247d73a8
- SHA256
  
  dc9f9ea5a8dc888825beff4a93f9b4909d4f55b83d1bb19360aec3e5aa53568d
- SHA512
  
  92444ffd4e65986a9aae10faa34ef83d1d265187c9174de4ebe366dd2b0124bc3096400204c2b1b875433d8b578a79139793cc971daaa609da07d8a088ae68b5
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5V:gh+ZkldoPK8YaKGV
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan