revengerat | 97b782dc9fdce13be21778e558c2c5fc414d8a0365fd3ac7d80450c3f4c85e7f | Triage

Sharing

General

Target

97b782dc9fdce13be21778e558c2c5fc414d8a0365fd3ac7d80450c3f4c85e7f
Size

904KB
Sample

240930-mznkeswajf
MD5

56a5a709578b6b8bad8d6ae2036cf241
SHA1

47a8b176297c1871db6f1bb5cb7f5ca2cc53afc4
SHA256

97b782dc9fdce13be21778e558c2c5fc414d8a0365fd3ac7d80450c3f4c85e7f
SHA512

ee7bbc88736b7a089116d7f5dabc45eac009b39d29be7aab11298d8c4d01d298b1c66c809b1ccfe97b77f46799ee7b126ed539cdc55e563f1ddaf4de9bf1a0d7
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5E:gh+ZkldoPK8YaKGE

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  97b782dc9fdce13be21778e558c2c5fc414d8a0365fd3ac7d80450c3f4c85e7f
- Size
  
  904KB
- MD5
  
  56a5a709578b6b8bad8d6ae2036cf241
- SHA1
  
  47a8b176297c1871db6f1bb5cb7f5ca2cc53afc4
- SHA256
  
  97b782dc9fdce13be21778e558c2c5fc414d8a0365fd3ac7d80450c3f4c85e7f
- SHA512
  
  ee7bbc88736b7a089116d7f5dabc45eac009b39d29be7aab11298d8c4d01d298b1c66c809b1ccfe97b77f46799ee7b126ed539cdc55e563f1ddaf4de9bf1a0d7
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5E:gh+ZkldoPK8YaKGE
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan