revengerat | 5ea04367b2077d6a2401cc9a7d3344fbb174f2cbd1d6b72c4af6d3372c432f7e | Triage

Sharing

General

Target

5ea04367b2077d6a2401cc9a7d3344fbb174f2cbd1d6b72c4af6d3372c432f7e
Size

904KB
Sample

240912-22cchazfjk
MD5

19b1be2298778216d595c8f9e46e36dd
SHA1

f7d0659dad2e730e67e259ff2996d327d0fec824
SHA256

5ea04367b2077d6a2401cc9a7d3344fbb174f2cbd1d6b72c4af6d3372c432f7e
SHA512

4bb0594dd036dc6ca4af4b7863aa0a98199f520dd3b706582c35f33d9525a7b4490da56ad186c1c19ea5d2e64a9bf7ad598fe7876a0b167044bbde09710cc133
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5V:gh+ZkldoPK8YaKGV

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  5ea04367b2077d6a2401cc9a7d3344fbb174f2cbd1d6b72c4af6d3372c432f7e
- Size
  
  904KB
- MD5
  
  19b1be2298778216d595c8f9e46e36dd
- SHA1
  
  f7d0659dad2e730e67e259ff2996d327d0fec824
- SHA256
  
  5ea04367b2077d6a2401cc9a7d3344fbb174f2cbd1d6b72c4af6d3372c432f7e
- SHA512
  
  4bb0594dd036dc6ca4af4b7863aa0a98199f520dd3b706582c35f33d9525a7b4490da56ad186c1c19ea5d2e64a9bf7ad598fe7876a0b167044bbde09710cc133
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5V:gh+ZkldoPK8YaKGV
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan