revengerat | 1fb9b12a58e051bd689aa7de825ebf3dc0fb393944365f4b16951f378b9c029c | Triage

Sharing

General

Target

5a16c78c415cc3de77e0fc730b6d7780N.exe
Size

903KB
Sample

240822-ccghgswfjk
MD5

5a16c78c415cc3de77e0fc730b6d7780
SHA1

cc8ba5370d69640083dd0e4b0a8a7aedc667d9ac
SHA256

1fb9b12a58e051bd689aa7de825ebf3dc0fb393944365f4b16951f378b9c029c
SHA512

3405698940db8f9203abd4212d7c90088ae8c26c968d4a45bc30445fd6fcaf094d7ad5cebe807ca74dd4182dbd2f9b25ba08fb5a181fb5908c10b22561432e50
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5X:gh+ZkldoPK8YaKGX

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  5a16c78c415cc3de77e0fc730b6d7780N.exe
- Size
  
  903KB
- MD5
  
  5a16c78c415cc3de77e0fc730b6d7780
- SHA1
  
  cc8ba5370d69640083dd0e4b0a8a7aedc667d9ac
- SHA256
  
  1fb9b12a58e051bd689aa7de825ebf3dc0fb393944365f4b16951f378b9c029c
- SHA512
  
  3405698940db8f9203abd4212d7c90088ae8c26c968d4a45bc30445fd6fcaf094d7ad5cebe807ca74dd4182dbd2f9b25ba08fb5a181fb5908c10b22561432e50
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5X:gh+ZkldoPK8YaKGX
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan