revengerat | 69d2df192e014b8ac071d568af6d8b544c37c201ff3bd6d646e483ac4ae71213 | Triage

Sharing

General

Target

69d2df192e014b8ac071d568af6d8b544c37c201ff3bd6d646e483ac4ae71213N
Size

904KB
Sample

241023-vk9s4stajn
MD5

6e3ea1393224d65a2af4cc94e2482d70
SHA1

1f934241154f53b0e61f9acd78f2c989a0693362
SHA256

69d2df192e014b8ac071d568af6d8b544c37c201ff3bd6d646e483ac4ae71213
SHA512

b64539492995801d27012abdd66c313497ef56607539728c5767ed9e99e8c49fde9e4923eb6abfc35df005d372ce89311f2d30f271960c6d7efcba5236331837
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa53:gh+ZkldoPK8YaKG3

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  69d2df192e014b8ac071d568af6d8b544c37c201ff3bd6d646e483ac4ae71213N
- Size
  
  904KB
- MD5
  
  6e3ea1393224d65a2af4cc94e2482d70
- SHA1
  
  1f934241154f53b0e61f9acd78f2c989a0693362
- SHA256
  
  69d2df192e014b8ac071d568af6d8b544c37c201ff3bd6d646e483ac4ae71213
- SHA512
  
  b64539492995801d27012abdd66c313497ef56607539728c5767ed9e99e8c49fde9e4923eb6abfc35df005d372ce89311f2d30f271960c6d7efcba5236331837
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa53:gh+ZkldoPK8YaKG3
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan