revengerat | ccf8fd38fbff5bb992621e2c66ede988d4abea717d8c8d69d16de167ff63c7d4 | Triage

Sharing

General

Target

c5ed6fe15b2c56adc2f756529f782330N
Size

904KB
Sample

240911-hkx34aybje
MD5

c5ed6fe15b2c56adc2f756529f782330
SHA1

ec06f58a96398212e83ca7e7cd588ba5c0fd5180
SHA256

ccf8fd38fbff5bb992621e2c66ede988d4abea717d8c8d69d16de167ff63c7d4
SHA512

1bf36d0c2d41a8c3a286d4a927464da2d65fd262b41d658031659fd9de690a5994c833eb9476b3615ad45312ff16b949c7b945398676930a354cc361aac19e27
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5v:gh+ZkldoPK8YaKGv

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  c5ed6fe15b2c56adc2f756529f782330N
- Size
  
  904KB
- MD5
  
  c5ed6fe15b2c56adc2f756529f782330
- SHA1
  
  ec06f58a96398212e83ca7e7cd588ba5c0fd5180
- SHA256
  
  ccf8fd38fbff5bb992621e2c66ede988d4abea717d8c8d69d16de167ff63c7d4
- SHA512
  
  1bf36d0c2d41a8c3a286d4a927464da2d65fd262b41d658031659fd9de690a5994c833eb9476b3615ad45312ff16b949c7b945398676930a354cc361aac19e27
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5v:gh+ZkldoPK8YaKGv
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan