revengerat | cf6ec219b6794eb1346ccbf7d5ccec85a0f2292062be700ffcf0ea06c14a8eaa | Triage

Sharing

General

Target

cf6ec219b6794eb1346ccbf7d5ccec85a0f2292062be700ffcf0ea06c14a8eaaN
Size

904KB
Sample

241015-zy23msxbre
MD5

0c1862cc2899b3d9e5aafbf2ea339e90
SHA1

418ddc436f8b8fa888311c26351b28d7540cb89a
SHA256

cf6ec219b6794eb1346ccbf7d5ccec85a0f2292062be700ffcf0ea06c14a8eaa
SHA512

48d255fda5b5af9a5c35506bfd3eb9a8a309b248fc772328b55fb47fc40302a54807cbe89cc14c48ceca00ae4a15e14413579021a99feb7a04476dddd1a0c0f8
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5s:gh+ZkldoPK8YaKGs

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  cf6ec219b6794eb1346ccbf7d5ccec85a0f2292062be700ffcf0ea06c14a8eaaN
- Size
  
  904KB
- MD5
  
  0c1862cc2899b3d9e5aafbf2ea339e90
- SHA1
  
  418ddc436f8b8fa888311c26351b28d7540cb89a
- SHA256
  
  cf6ec219b6794eb1346ccbf7d5ccec85a0f2292062be700ffcf0ea06c14a8eaa
- SHA512
  
  48d255fda5b5af9a5c35506bfd3eb9a8a309b248fc772328b55fb47fc40302a54807cbe89cc14c48ceca00ae4a15e14413579021a99feb7a04476dddd1a0c0f8
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5s:gh+ZkldoPK8YaKGs
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan