revengerat | 2d6df83c730b2a991b531e709031e66a31c5f822b4ce9336adecb0609197d24a | Triage

Sharing

General

Target

2d6df83c730b2a991b531e709031e66a31c5f822b4ce9336adecb0609197d24aN
Size

904KB
Sample

241031-cm1n4syldl
MD5

99073532da19fcea5027844a50705390
SHA1

0aef75f1914d6dceb7e621bdcbeb6741d588033f
SHA256

2d6df83c730b2a991b531e709031e66a31c5f822b4ce9336adecb0609197d24a
SHA512

7dff86f893d4d99467b577a02d333616429b4435914aa9f958dc55c96f9c76b57f4a2db8fdfec960163a1e76371fcadd29b26613c3bdfb9cd39a538fc23579ae
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5b:gh+ZkldoPK8YaKGb

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  2d6df83c730b2a991b531e709031e66a31c5f822b4ce9336adecb0609197d24aN
- Size
  
  904KB
- MD5
  
  99073532da19fcea5027844a50705390
- SHA1
  
  0aef75f1914d6dceb7e621bdcbeb6741d588033f
- SHA256
  
  2d6df83c730b2a991b531e709031e66a31c5f822b4ce9336adecb0609197d24a
- SHA512
  
  7dff86f893d4d99467b577a02d333616429b4435914aa9f958dc55c96f9c76b57f4a2db8fdfec960163a1e76371fcadd29b26613c3bdfb9cd39a538fc23579ae
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5b:gh+ZkldoPK8YaKGb
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan