revengerat | dba96c0b92e0a9d082f2c364811031138b1e16d223b682a186d7ae844e361211 | Triage

Sharing

General

Target

310097166943e0d186173a1683cc63f0N.exe
Size

904KB
Sample

240915-efmj1svbjd
MD5

310097166943e0d186173a1683cc63f0
SHA1

fb13913780c0863e6e6058a514b7c1d8e59a7158
SHA256

dba96c0b92e0a9d082f2c364811031138b1e16d223b682a186d7ae844e361211
SHA512

39e2f17ed5b9d0285525ffadffff577dfffaedae396557097b19b7c5b3959edbcbf00f1e20d5f800b43a1ad1950168b65a686185cab2d1a0a0a79ba231d932a2
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5f:gh+ZkldoPK8YaKGf

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  310097166943e0d186173a1683cc63f0N.exe
- Size
  
  904KB
- MD5
  
  310097166943e0d186173a1683cc63f0
- SHA1
  
  fb13913780c0863e6e6058a514b7c1d8e59a7158
- SHA256
  
  dba96c0b92e0a9d082f2c364811031138b1e16d223b682a186d7ae844e361211
- SHA512
  
  39e2f17ed5b9d0285525ffadffff577dfffaedae396557097b19b7c5b3959edbcbf00f1e20d5f800b43a1ad1950168b65a686185cab2d1a0a0a79ba231d932a2
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5f:gh+ZkldoPK8YaKGf
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan