revengerat | 162e16f6875687d37eb734a5abd106c9a3e62f4e8c28fe9ac74d6510acba4ced | Triage

Sharing

General

Target

VirTool.Win32.AutInject.pz-162e16f6875687d37eb734a5abd106c9a3e62f4e8c28fe9ac74d6510acba4cedN
Size

904KB
Sample

240916-r7eppstcnc
MD5

f9bf2b93f724e3d0133fa5602e6daa50
SHA1

2e7a6f90a6bf303f43d1ad220464f0ea5526a7bf
SHA256

162e16f6875687d37eb734a5abd106c9a3e62f4e8c28fe9ac74d6510acba4ced
SHA512

16a66ab81fc39480d1331b204f4a13e5eb81d9f324084bed9a9394305ec600257a29e9466901f36ee2fd18496ef84b2f8094f7c7bb03361192adc0e0ff1f8a62
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa58:gh+ZkldoPK8YaKG8

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  VirTool.Win32.AutInject.pz-162e16f6875687d37eb734a5abd106c9a3e62f4e8c28fe9ac74d6510acba4cedN
- Size
  
  904KB
- MD5
  
  f9bf2b93f724e3d0133fa5602e6daa50
- SHA1
  
  2e7a6f90a6bf303f43d1ad220464f0ea5526a7bf
- SHA256
  
  162e16f6875687d37eb734a5abd106c9a3e62f4e8c28fe9ac74d6510acba4ced
- SHA512
  
  16a66ab81fc39480d1331b204f4a13e5eb81d9f324084bed9a9394305ec600257a29e9466901f36ee2fd18496ef84b2f8094f7c7bb03361192adc0e0ff1f8a62
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa58:gh+ZkldoPK8YaKG8
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan