revengerat | 38f6423e6669dd9e51f99c9006bbec7a04d40934833a424f4a6f98cb96fe69dd | Triage

Sharing

General

Target

86d655fd48aa2707190814876b70d0a0N
Size

904KB
Sample

240909-xevs4stdpk
MD5

86d655fd48aa2707190814876b70d0a0
SHA1

c2beb039c25baf64c783f39f9cc5ab74b0bfb987
SHA256

38f6423e6669dd9e51f99c9006bbec7a04d40934833a424f4a6f98cb96fe69dd
SHA512

3e48f4d92d7ed5fe71f78e40050ca8e5bb852a6cdd8c4f7af8474133bd7f404ebd926a409d4d871c46c8131714087dd4f3c186036bbb34c20eee31b087ec1495
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  86d655fd48aa2707190814876b70d0a0N
- Size
  
  904KB
- MD5
  
  86d655fd48aa2707190814876b70d0a0
- SHA1
  
  c2beb039c25baf64c783f39f9cc5ab74b0bfb987
- SHA256
  
  38f6423e6669dd9e51f99c9006bbec7a04d40934833a424f4a6f98cb96fe69dd
- SHA512
  
  3e48f4d92d7ed5fe71f78e40050ca8e5bb852a6cdd8c4f7af8474133bd7f404ebd926a409d4d871c46c8131714087dd4f3c186036bbb34c20eee31b087ec1495
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan