revengerat | 500c3af4e3ec5b1848c5ee00f7e8c83ab8c2dffaba1f0d871f4ddd9c5206ff0e | Triage

Sharing

General

Target

deb566538c2ed7fe275fee3405026dc0N
Size

903KB
Sample

240911-w9j5eswgmd
MD5

deb566538c2ed7fe275fee3405026dc0
SHA1

a65d4af6781250f8869ded27f65dec02bb4cc70c
SHA256

500c3af4e3ec5b1848c5ee00f7e8c83ab8c2dffaba1f0d871f4ddd9c5206ff0e
SHA512

cf439568c197c58faa5f6a98e122005e9217052194eeca4f5bc475c0325013628b51e33490d22bdfb36da69ad5e30d3d709a64e4b4d885a0dc1282200e17dae9
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa55:gh+ZkldoPK8YaKG5

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  deb566538c2ed7fe275fee3405026dc0N
- Size
  
  903KB
- MD5
  
  deb566538c2ed7fe275fee3405026dc0
- SHA1
  
  a65d4af6781250f8869ded27f65dec02bb4cc70c
- SHA256
  
  500c3af4e3ec5b1848c5ee00f7e8c83ab8c2dffaba1f0d871f4ddd9c5206ff0e
- SHA512
  
  cf439568c197c58faa5f6a98e122005e9217052194eeca4f5bc475c0325013628b51e33490d22bdfb36da69ad5e30d3d709a64e4b4d885a0dc1282200e17dae9
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa55:gh+ZkldoPK8YaKG5
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan