revengerat | 576100cd01e86ec8b994acad9f9fd7d8843c01872df8e3533c4cd4b9cf8a4d45 | Triage

Sharing

General

Target

576100cd01e86ec8b994acad9f9fd7d8843c01872df8e3533c4cd4b9cf8a4d45N
Size

904KB
Sample

240927-jr1y1asdpn
MD5

da0462b5a19bc9becf18bcfd6dbde9b0
SHA1

9f2451ce46958e055a130e6b91ea7c2d47fea749
SHA256

576100cd01e86ec8b994acad9f9fd7d8843c01872df8e3533c4cd4b9cf8a4d45
SHA512

012a9882394e0f1e394535aa717173256e9f846574f8a9b690286ccb977beda5fa03d2af2d875342bf0c6c1660f544babcd712c69f7fdbf07814240b03835048
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5Q:gh+ZkldoPK8YaKGQ

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  576100cd01e86ec8b994acad9f9fd7d8843c01872df8e3533c4cd4b9cf8a4d45N
- Size
  
  904KB
- MD5
  
  da0462b5a19bc9becf18bcfd6dbde9b0
- SHA1
  
  9f2451ce46958e055a130e6b91ea7c2d47fea749
- SHA256
  
  576100cd01e86ec8b994acad9f9fd7d8843c01872df8e3533c4cd4b9cf8a4d45
- SHA512
  
  012a9882394e0f1e394535aa717173256e9f846574f8a9b690286ccb977beda5fa03d2af2d875342bf0c6c1660f544babcd712c69f7fdbf07814240b03835048
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5Q:gh+ZkldoPK8YaKGQ
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan