revengerat | 16ef98259625a713a9c36b108ae1812f22ff49b7aaa4fe05746ec3ebf009c7bd | Triage

Submit
Reports

Overview

overview

Static

static

5

16ef982596...bd.exe

windows7-x64

16ef982596...bd.exe

windows10-2004-x64

Sharing

General

Target

16ef98259625a713a9c36b108ae1812f22ff49b7aaa4fe05746ec3ebf009c7bd
Size

952KB
Sample

240925-xme3masakl
MD5

2e04bef77df49a67f294efc0f2396ee0
SHA1

abcc41bb238223f9992c522a891dbedc2f312673
SHA256

16ef98259625a713a9c36b108ae1812f22ff49b7aaa4fe05746ec3ebf009c7bd
SHA512

f1a2fb904cd75b85024ae9bc6fd3c5dadefbf657823b4e2b40904869e00a8d6872ea75cbf9a63f6a352752b3dbacd2716d720648303f0f05e0ddf1041a456af7
SSDEEP

24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5o:Rh+ZkldDPK8YaKjo

Score

10^/10

revengerat marzo26 discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

16ef98259625a713a9c36b108ae1812f22ff49b7aaa4fe05746ec3ebf009c7bd.exe

Resource

win7-20240903-en

revengerat marzo26 discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

16ef98259625a713a9c36b108ae1812f22ff49b7aaa4fe05746ec3ebf009c7bd.exe

Resource

win10v2004-20240802-en

revengerat marzo26 discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  16ef98259625a713a9c36b108ae1812f22ff49b7aaa4fe05746ec3ebf009c7bd
- Size
  
  952KB
- MD5
  
  2e04bef77df49a67f294efc0f2396ee0
- SHA1
  
  abcc41bb238223f9992c522a891dbedc2f312673
- SHA256
  
  16ef98259625a713a9c36b108ae1812f22ff49b7aaa4fe05746ec3ebf009c7bd
- SHA512
  
  f1a2fb904cd75b85024ae9bc6fd3c5dadefbf657823b4e2b40904869e00a8d6872ea75cbf9a63f6a352752b3dbacd2716d720648303f0f05e0ddf1041a456af7
- SSDEEP
  
  24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5o:Rh+ZkldDPK8YaKjo
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan

© 2018-2024

Terms | Privacy