revengerat | 7b9592607b5d459f9a77df861c51600aa451aeb465a968ae2f0f6b4942c29144 | Triage

Sharing

General

Target

4e8a98b0c0f1c50332be45e3fdbe40c0N
Size

904KB
Sample

240914-2phczs1dkp
MD5

4e8a98b0c0f1c50332be45e3fdbe40c0
SHA1

c4bf5703a46973abb93c0b7bc83f1cf54c8a7a0c
SHA256

7b9592607b5d459f9a77df861c51600aa451aeb465a968ae2f0f6b4942c29144
SHA512

a26dd8318d18b8daffb672dee634c805e9e13c2331f6e52a97123689bc09e6c313e486deffc3be083030b8812effff8bc7aa6383a537f738d0c7c969004ea882
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5K:gh+ZkldoPK8YaKGK

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  4e8a98b0c0f1c50332be45e3fdbe40c0N
- Size
  
  904KB
- MD5
  
  4e8a98b0c0f1c50332be45e3fdbe40c0
- SHA1
  
  c4bf5703a46973abb93c0b7bc83f1cf54c8a7a0c
- SHA256
  
  7b9592607b5d459f9a77df861c51600aa451aeb465a968ae2f0f6b4942c29144
- SHA512
  
  a26dd8318d18b8daffb672dee634c805e9e13c2331f6e52a97123689bc09e6c313e486deffc3be083030b8812effff8bc7aa6383a537f738d0c7c969004ea882
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5K:gh+ZkldoPK8YaKGK
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan