revengerat | bbbfdbc415a875a5e84681b0a5c20f0e926b311d9c0a5525e0fca19ac9d47c0f | Triage

Sharing

General

Target

b3263f4c312c2795c8300981ba628a30N.exe
Size

904KB
Sample

240909-vr6p2asbqc
MD5

b3263f4c312c2795c8300981ba628a30
SHA1

611c7fa866697554ce2eaf134a82153ae65b71cc
SHA256

bbbfdbc415a875a5e84681b0a5c20f0e926b311d9c0a5525e0fca19ac9d47c0f
SHA512

a8aa6599e0c1ad3a1d177c4da0782df4a33500c3e364d660bf39cab20e237791a3504bdad7c1d3ace2be5fb1af901a2fa9425f297259b4d0b3e17915ea6d5db5
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5U:gh+ZkldoPK8YaKGU

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  b3263f4c312c2795c8300981ba628a30N.exe
- Size
  
  904KB
- MD5
  
  b3263f4c312c2795c8300981ba628a30
- SHA1
  
  611c7fa866697554ce2eaf134a82153ae65b71cc
- SHA256
  
  bbbfdbc415a875a5e84681b0a5c20f0e926b311d9c0a5525e0fca19ac9d47c0f
- SHA512
  
  a8aa6599e0c1ad3a1d177c4da0782df4a33500c3e364d660bf39cab20e237791a3504bdad7c1d3ace2be5fb1af901a2fa9425f297259b4d0b3e17915ea6d5db5
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5U:gh+ZkldoPK8YaKGU
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan