revengerat | c7a6e0e2b4e6eb983f601a7f3e91bd93efd25ac0f9b11dd73ecb4f9cda8d8bfd | Triage

Sharing

General

Target

c7a6e0e2b4e6eb983f601a7f3e91bd93efd25ac0f9b11dd73ecb4f9cda8d8bfdN
Size

904KB
Sample

240922-gnx2tsvcrl
MD5

b7f2d56ab925f81324d72c4e78882580
SHA1

f542fbc0237cd410ac8c9957c4e771bf849329bb
SHA256

c7a6e0e2b4e6eb983f601a7f3e91bd93efd25ac0f9b11dd73ecb4f9cda8d8bfd
SHA512

f5989ea5d21fe5928d03e76698fe0ea65450720077c80f300f5cdde539c435917472b74e98ce69f6e7ad4ba8850a12cddc7b1ce78f300ff820ddbe0b1af632c6
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5t:gh+ZkldoPK8YaKGt

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  c7a6e0e2b4e6eb983f601a7f3e91bd93efd25ac0f9b11dd73ecb4f9cda8d8bfdN
- Size
  
  904KB
- MD5
  
  b7f2d56ab925f81324d72c4e78882580
- SHA1
  
  f542fbc0237cd410ac8c9957c4e771bf849329bb
- SHA256
  
  c7a6e0e2b4e6eb983f601a7f3e91bd93efd25ac0f9b11dd73ecb4f9cda8d8bfd
- SHA512
  
  f5989ea5d21fe5928d03e76698fe0ea65450720077c80f300f5cdde539c435917472b74e98ce69f6e7ad4ba8850a12cddc7b1ce78f300ff820ddbe0b1af632c6
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5t:gh+ZkldoPK8YaKGt
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan