revengerat | 01d7b9d2e4d7f810bb2b8d01729727c886d0cfc040ed6154f013c04cd9262710 | Triage

Sharing

General

Target

8f57c881623d03aa46001bd9c08487d0N.exe
Size

904KB
Sample

240905-n3qdvszenl
MD5

8f57c881623d03aa46001bd9c08487d0
SHA1

00a316d54b1dc0a73411f9122e9a942e2071f931
SHA256

01d7b9d2e4d7f810bb2b8d01729727c886d0cfc040ed6154f013c04cd9262710
SHA512

3716792789a459b37999dc4e63a356f30954492b9e8bb059b2c4d1ca891ccafd1527ed749f8a0b105167e2ce905db1cde01020c7eacaae7b6a8ad8314da976e6
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5H:gh+ZkldoPK8YaKGH

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  8f57c881623d03aa46001bd9c08487d0N.exe
- Size
  
  904KB
- MD5
  
  8f57c881623d03aa46001bd9c08487d0
- SHA1
  
  00a316d54b1dc0a73411f9122e9a942e2071f931
- SHA256
  
  01d7b9d2e4d7f810bb2b8d01729727c886d0cfc040ed6154f013c04cd9262710
- SHA512
  
  3716792789a459b37999dc4e63a356f30954492b9e8bb059b2c4d1ca891ccafd1527ed749f8a0b105167e2ce905db1cde01020c7eacaae7b6a8ad8314da976e6
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5H:gh+ZkldoPK8YaKGH
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan