revengerat | 12e2e16050830fbac6c63c3da69c607a71324c4a9e8e3a8f2cf12d8aa0d0af90 | Triage

Sharing

General

Target

12e2e16050830fbac6c63c3da69c607a71324c4a9e8e3a8f2cf12d8aa0d0af90N.exe
Size

904KB
Sample

240926-p9cl1s1grd
MD5

9cb6a4d4a1a6a0530cd00cb88085ac60
SHA1

838e14e2b83bdd01cbbe044b3604fa833d8aa83e
SHA256

12e2e16050830fbac6c63c3da69c607a71324c4a9e8e3a8f2cf12d8aa0d0af90
SHA512

da3a8b771f16aca7473e5674109121df88d56d2f9c73aad49aecc93366a195c30d21c9877f2ba503ddf91106239c6745ac1dfb25bbad5475ab4582035953358e
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5U:gh+ZkldoPK8YaKGU

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  12e2e16050830fbac6c63c3da69c607a71324c4a9e8e3a8f2cf12d8aa0d0af90N.exe
- Size
  
  904KB
- MD5
  
  9cb6a4d4a1a6a0530cd00cb88085ac60
- SHA1
  
  838e14e2b83bdd01cbbe044b3604fa833d8aa83e
- SHA256
  
  12e2e16050830fbac6c63c3da69c607a71324c4a9e8e3a8f2cf12d8aa0d0af90
- SHA512
  
  da3a8b771f16aca7473e5674109121df88d56d2f9c73aad49aecc93366a195c30d21c9877f2ba503ddf91106239c6745ac1dfb25bbad5475ab4582035953358e
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5U:gh+ZkldoPK8YaKGU
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan