revengerat | 477ac92ebb5b2ef91044f79e8e9e9b5f5f14a413c1a3960223e8645a89e739aa | Triage

Sharing

General

Target

b48b0325a0c763d60d36d4d240231830N
Size

904KB
Sample

240911-fgz26stcnp
MD5

b48b0325a0c763d60d36d4d240231830
SHA1

c9847aeece3d10824f65c6e7d6106a216910710a
SHA256

477ac92ebb5b2ef91044f79e8e9e9b5f5f14a413c1a3960223e8645a89e739aa
SHA512

0e91dfd3e6c5467818d3303ab36273a23e38ac0e66cecdc48c128e57bd26bb0884010da0c7be85723abba2593dcf79035adab620be5dc0b6fd46a55e18fadbe8
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5p:gh+ZkldoPK8YaKGp

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  b48b0325a0c763d60d36d4d240231830N
- Size
  
  904KB
- MD5
  
  b48b0325a0c763d60d36d4d240231830
- SHA1
  
  c9847aeece3d10824f65c6e7d6106a216910710a
- SHA256
  
  477ac92ebb5b2ef91044f79e8e9e9b5f5f14a413c1a3960223e8645a89e739aa
- SHA512
  
  0e91dfd3e6c5467818d3303ab36273a23e38ac0e66cecdc48c128e57bd26bb0884010da0c7be85723abba2593dcf79035adab620be5dc0b6fd46a55e18fadbe8
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5p:gh+ZkldoPK8YaKGp
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan