revengerat | 4506ceabf255c3969c0d9c24cf97c01a5144ed5434d0321443b8a67df5157a10 | Triage

Sharing

General

Target

VirTool.Win32.AutInject.pz-4506ceabf255c3969c0d9c24cf97c01a5144ed5434d0321443b8a67df5157a10N
Size

904KB
Sample

240917-gdhjdsxdrn
MD5

fefdeeeed62fa2b8f9719f8b3e523210
SHA1

5aac925ebda82d7ae03de0949fa21a188ab80d9a
SHA256

4506ceabf255c3969c0d9c24cf97c01a5144ed5434d0321443b8a67df5157a10
SHA512

82168f0eac62a5caf8537c30f604bb33b3aee3ccc66658eb5449edcf05bc3b713c20c6ce1d67288e4ecbde1c85cb78811fd7e3939a9b7962739c3b26508b4ffa
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5G:gh+ZkldoPK8YaKGG

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  VirTool.Win32.AutInject.pz-4506ceabf255c3969c0d9c24cf97c01a5144ed5434d0321443b8a67df5157a10N
- Size
  
  904KB
- MD5
  
  fefdeeeed62fa2b8f9719f8b3e523210
- SHA1
  
  5aac925ebda82d7ae03de0949fa21a188ab80d9a
- SHA256
  
  4506ceabf255c3969c0d9c24cf97c01a5144ed5434d0321443b8a67df5157a10
- SHA512
  
  82168f0eac62a5caf8537c30f604bb33b3aee3ccc66658eb5449edcf05bc3b713c20c6ce1d67288e4ecbde1c85cb78811fd7e3939a9b7962739c3b26508b4ffa
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5G:gh+ZkldoPK8YaKGG
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan