revengerat | ce6995d970f47c61f914b54a6afebb7909177adedbbc418aef102e0994f72ea5 | Triage

Sharing

General

Target

ce6995d970f47c61f914b54a6afebb7909177adedbbc418aef102e0994f72ea5N
Size

908KB
Sample

241020-e8hfrszaqe
MD5

36c2703ce518ee10f3da808d545c4090
SHA1

4e09874874250986a6600e6019c508099281241b
SHA256

ce6995d970f47c61f914b54a6afebb7909177adedbbc418aef102e0994f72ea5
SHA512

3d828c0e4a2a009e7002e922267c0bb000bf02f7ac256811ebe0025e7762512da3caa9d924a1fd5fc3b82a66cc48a0de62a125c1d8ea22369ccb08d06a39467d
SSDEEP

24576:lAHnh+eWsN3skA4RV1Hom2KXMmHa2s48tt5i:Uh+ZkldoPK8Ya2Ui

Score

10^/10

revengerat april discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

APRIL

C2

mallorca.myftp.org:5198

Mutex

RV_MUTEX-JHXJvbCGPPiCCaK

Targets

- Target
  
  ce6995d970f47c61f914b54a6afebb7909177adedbbc418aef102e0994f72ea5N
- Size
  
  908KB
- MD5
  
  36c2703ce518ee10f3da808d545c4090
- SHA1
  
  4e09874874250986a6600e6019c508099281241b
- SHA256
  
  ce6995d970f47c61f914b54a6afebb7909177adedbbc418aef102e0994f72ea5
- SHA512
  
  3d828c0e4a2a009e7002e922267c0bb000bf02f7ac256811ebe0025e7762512da3caa9d924a1fd5fc3b82a66cc48a0de62a125c1d8ea22369ccb08d06a39467d
- SSDEEP
  
  24576:lAHnh+eWsN3skA4RV1Hom2KXMmHa2s48tt5i:Uh+ZkldoPK8Ya2Ui
Score

10^/10

revengerat april discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengerataprildiscoverytrojan

behavioral2

revengerataprildiscoverytrojan