revengerat | 4266a12d3284d2df5fd1390ed0c2a260356bc4b40bf656e2252aa497a3779393 | Triage

Sharing

General

Target

4266a12d3284d2df5fd1390ed0c2a260356bc4b40bf656e2252aa497a3779393N
Size

904KB
Sample

241012-r5ftzszfrn
MD5

114fdfe37f3359f13ad36e2d1206aa60
SHA1

214905bace36148a2478f78b4085db2a156e5124
SHA256

4266a12d3284d2df5fd1390ed0c2a260356bc4b40bf656e2252aa497a3779393
SHA512

ce68b52ab72980af9296c344ec70dd516e968fe93cf8a380702c1942a92af92e290a97d5fb0a57c8ccd415e8ce6eaa391a132c32869e6e66cd6b499d521e1941
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5n:gh+ZkldoPK8YaKGn

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  4266a12d3284d2df5fd1390ed0c2a260356bc4b40bf656e2252aa497a3779393N
- Size
  
  904KB
- MD5
  
  114fdfe37f3359f13ad36e2d1206aa60
- SHA1
  
  214905bace36148a2478f78b4085db2a156e5124
- SHA256
  
  4266a12d3284d2df5fd1390ed0c2a260356bc4b40bf656e2252aa497a3779393
- SHA512
  
  ce68b52ab72980af9296c344ec70dd516e968fe93cf8a380702c1942a92af92e290a97d5fb0a57c8ccd415e8ce6eaa391a132c32869e6e66cd6b499d521e1941
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5n:gh+ZkldoPK8YaKGn
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan