revengerat | bd39207153826c99b5dcea465881de398029cb45fca78464d8e6e0a3ba968639 | Triage

Sharing

General

Target

bd39207153826c99b5dcea465881de398029cb45fca78464d8e6e0a3ba968639
Size

904KB
Sample

241114-ckvp3sslez
MD5

8845d290153c6691a6aeb5d283ab1152
SHA1

fcb362ee76cb9c2e95001dd98c37f59b999e959f
SHA256

bd39207153826c99b5dcea465881de398029cb45fca78464d8e6e0a3ba968639
SHA512

c3b708f73b25739a29beb9f4b7965c3f84b78b3e59029e64fc1dc73a35aeee8a7389161ab0a05fc732db8862b40acf5a23ee0b914b4ff69803363ce9331841c6
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa51:gh+ZkldoPK8YaKG1

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  bd39207153826c99b5dcea465881de398029cb45fca78464d8e6e0a3ba968639
- Size
  
  904KB
- MD5
  
  8845d290153c6691a6aeb5d283ab1152
- SHA1
  
  fcb362ee76cb9c2e95001dd98c37f59b999e959f
- SHA256
  
  bd39207153826c99b5dcea465881de398029cb45fca78464d8e6e0a3ba968639
- SHA512
  
  c3b708f73b25739a29beb9f4b7965c3f84b78b3e59029e64fc1dc73a35aeee8a7389161ab0a05fc732db8862b40acf5a23ee0b914b4ff69803363ce9331841c6
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa51:gh+ZkldoPK8YaKG1
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan