revengerat | 569eaf4a686c394fbb5adc35dd1e956e4c2bb7d00a6e46817e61f5ebbaf84b19 | Triage

Sharing

General

Target

VirTool.Win32.AutInject.pz-569eaf4a686c394fbb5adc35dd1e956e4c2bb7d00a6e46817e61f5ebbaf84b19N
Size

904KB
Sample

240917-d5ttyssgnp
MD5

9a2d43951f5926c71536d5eff5bde910
SHA1

379bf1ac4c4a4703272c07e763aa67d571d4729f
SHA256

569eaf4a686c394fbb5adc35dd1e956e4c2bb7d00a6e46817e61f5ebbaf84b19
SHA512

c46c6e70b558720804937c1311f864e82929ac460f86bbace9c4aea4d94975d719d5161a430fdc62062e5dd32452b8f7b2fc23d1e3aacabe0b803b8d260bdaa8
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  VirTool.Win32.AutInject.pz-569eaf4a686c394fbb5adc35dd1e956e4c2bb7d00a6e46817e61f5ebbaf84b19N
- Size
  
  904KB
- MD5
  
  9a2d43951f5926c71536d5eff5bde910
- SHA1
  
  379bf1ac4c4a4703272c07e763aa67d571d4729f
- SHA256
  
  569eaf4a686c394fbb5adc35dd1e956e4c2bb7d00a6e46817e61f5ebbaf84b19
- SHA512
  
  c46c6e70b558720804937c1311f864e82929ac460f86bbace9c4aea4d94975d719d5161a430fdc62062e5dd32452b8f7b2fc23d1e3aacabe0b803b8d260bdaa8
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan