revengerat | 9a5c9e2a930a7b08aa5d74aaace01c45882af67809b637cebab8a15ad0b23b62 | Triage

Sharing

General

Target

9a5c9e2a930a7b08aa5d74aaace01c45882af67809b637cebab8a15ad0b23b62N
Size

904KB
Sample

240920-rttlps1gnn
MD5

dbb915b33163603e7d0674e9cb020690
SHA1

4c8dee2850c6abf0514b2ebb5dd752f07efbc03a
SHA256

9a5c9e2a930a7b08aa5d74aaace01c45882af67809b637cebab8a15ad0b23b62
SHA512

e62f1d73d4742ac0e5901345ed4ff82149de6d2a981e6599406942ceb15edfeb83f652cf993c9d6bd2609a82718f5e33d98409c0a6a649f325894ed7dd7992fb
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5d:gh+ZkldoPK8YaKGd

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  9a5c9e2a930a7b08aa5d74aaace01c45882af67809b637cebab8a15ad0b23b62N
- Size
  
  904KB
- MD5
  
  dbb915b33163603e7d0674e9cb020690
- SHA1
  
  4c8dee2850c6abf0514b2ebb5dd752f07efbc03a
- SHA256
  
  9a5c9e2a930a7b08aa5d74aaace01c45882af67809b637cebab8a15ad0b23b62
- SHA512
  
  e62f1d73d4742ac0e5901345ed4ff82149de6d2a981e6599406942ceb15edfeb83f652cf993c9d6bd2609a82718f5e33d98409c0a6a649f325894ed7dd7992fb
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5d:gh+ZkldoPK8YaKGd
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan