revengerat | 4019f31d3285b17d24175dfe872058affe30dca96b6433afbdd89c593c3cecf3 | Triage

Sharing

General

Target

4019f31d3285b17d24175dfe872058affe30dca96b6433afbdd89c593c3cecf3N
Size

904KB
Sample

241004-zvfegawcrj
MD5

4961622b8027ee0e2c41271a201f1e30
SHA1

263bca877cfabade45cf4518d77bd865563dae52
SHA256

4019f31d3285b17d24175dfe872058affe30dca96b6433afbdd89c593c3cecf3
SHA512

db9941210ebf005e29c6846c8e1043ce4b61179de26c8703245ab78c9dfe095ef9d9cd95e3aee3570d7a793c6e00f1344af525274a00e817bcac601fa94361dc
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa54:gh+ZkldoPK8YaKG4

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  4019f31d3285b17d24175dfe872058affe30dca96b6433afbdd89c593c3cecf3N
- Size
  
  904KB
- MD5
  
  4961622b8027ee0e2c41271a201f1e30
- SHA1
  
  263bca877cfabade45cf4518d77bd865563dae52
- SHA256
  
  4019f31d3285b17d24175dfe872058affe30dca96b6433afbdd89c593c3cecf3
- SHA512
  
  db9941210ebf005e29c6846c8e1043ce4b61179de26c8703245ab78c9dfe095ef9d9cd95e3aee3570d7a793c6e00f1344af525274a00e817bcac601fa94361dc
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa54:gh+ZkldoPK8YaKG4
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan