revengerat | 6857af7e93505633ca39a3df4199b80afcffc0a96fd9344538c35f6323f2010d | Triage

Sharing

General

Target

6857af7e93505633ca39a3df4199b80afcffc0a96fd9344538c35f6323f2010dN
Size

904KB
Sample

240920-shgcnstarp
MD5

f7304d9eef3be6d98dbcd71cf65c5c00
SHA1

890c4a9c9ee89fdf77ee1dc2ffec66eb783ca652
SHA256

6857af7e93505633ca39a3df4199b80afcffc0a96fd9344538c35f6323f2010d
SHA512

936d1401634c46295c8377af9bc5e2c7c3b9c05e79eeb6c1b11719e5725da543f9591472efed75f11bd9cd953133c2936ac99764aa5d347903cf01884c4ea48e
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5C:gh+ZkldoPK8YaKGC

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  6857af7e93505633ca39a3df4199b80afcffc0a96fd9344538c35f6323f2010dN
- Size
  
  904KB
- MD5
  
  f7304d9eef3be6d98dbcd71cf65c5c00
- SHA1
  
  890c4a9c9ee89fdf77ee1dc2ffec66eb783ca652
- SHA256
  
  6857af7e93505633ca39a3df4199b80afcffc0a96fd9344538c35f6323f2010d
- SHA512
  
  936d1401634c46295c8377af9bc5e2c7c3b9c05e79eeb6c1b11719e5725da543f9591472efed75f11bd9cd953133c2936ac99764aa5d347903cf01884c4ea48e
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5C:gh+ZkldoPK8YaKGC
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan