revengerat | 883836974a9d9f0a1d336b46d53fe3ad3abe62230e41ed46c338326d1877996e | Triage

Sharing

General

Target

ee22d8189b9ab044ccfa08b17bef7a10N.exe
Size

904KB
Sample

240823-14nb4ssbkn
MD5

ee22d8189b9ab044ccfa08b17bef7a10
SHA1

bdc229396bc043cac4c904886b0d76d1068bf01c
SHA256

883836974a9d9f0a1d336b46d53fe3ad3abe62230e41ed46c338326d1877996e
SHA512

4377593c10f2533acb1ef8f167dcaecc99803537f0de41986eda7ff504e3342c5421b4c2a915f818ebd53ca1b48fec8c51397b79c98be80ff0125c3e1694d6f4
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5t:gh+ZkldoPK8YaKGt

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  ee22d8189b9ab044ccfa08b17bef7a10N.exe
- Size
  
  904KB
- MD5
  
  ee22d8189b9ab044ccfa08b17bef7a10
- SHA1
  
  bdc229396bc043cac4c904886b0d76d1068bf01c
- SHA256
  
  883836974a9d9f0a1d336b46d53fe3ad3abe62230e41ed46c338326d1877996e
- SHA512
  
  4377593c10f2533acb1ef8f167dcaecc99803537f0de41986eda7ff504e3342c5421b4c2a915f818ebd53ca1b48fec8c51397b79c98be80ff0125c3e1694d6f4
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5t:gh+ZkldoPK8YaKGt
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan