revengerat | dcb6c9dffa419e9be5bfc5850ee9dff6c4450af316006321e31ff87e9fea07c5 | Triage

Sharing

General

Target

1a3683e7a5941cc6270a0f9bb316c1e0N.exe
Size

903KB
Sample

240817-lh895asanl
MD5

1a3683e7a5941cc6270a0f9bb316c1e0
SHA1

480931d265470772e0f1391cdc6845d7aa8ef958
SHA256

dcb6c9dffa419e9be5bfc5850ee9dff6c4450af316006321e31ff87e9fea07c5
SHA512

14e700c13aeaae4820f07a3d0d4feb67bac6b022cefe156f9bd7e74fe77b636914f94b2f35f2d1376416a1e87857859afcd329e7017bf0c89d666438b843ce43
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5h:gh+ZkldoPK8YaKGh

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  1a3683e7a5941cc6270a0f9bb316c1e0N.exe
- Size
  
  903KB
- MD5
  
  1a3683e7a5941cc6270a0f9bb316c1e0
- SHA1
  
  480931d265470772e0f1391cdc6845d7aa8ef958
- SHA256
  
  dcb6c9dffa419e9be5bfc5850ee9dff6c4450af316006321e31ff87e9fea07c5
- SHA512
  
  14e700c13aeaae4820f07a3d0d4feb67bac6b022cefe156f9bd7e74fe77b636914f94b2f35f2d1376416a1e87857859afcd329e7017bf0c89d666438b843ce43
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5h:gh+ZkldoPK8YaKGh
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan