revengerat | 27921ce334b2da29dcb8536c188ec5820e037a6918424e14f8f4d96ed95644a3 | Triage

Sharing

General

Target

27921ce334b2da29dcb8536c188ec5820e037a6918424e14f8f4d96ed95644a3.exe
Size

904KB
Sample

241118-mn1qlsvbpg
MD5

a3c9e8e8c7e237811e7462458c1c1a28
SHA1

225b5cbb1c685beaa297ef1026eee28500128ff0
SHA256

27921ce334b2da29dcb8536c188ec5820e037a6918424e14f8f4d96ed95644a3
SHA512

613656039219bbf8eb168ac6d647bff5aa1b7d8a2b53d36148237a16ebc7a748106856bffdbf16647ae25c78323632d704b04f28bcdb3f67c49b373dd8a8c40f
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  27921ce334b2da29dcb8536c188ec5820e037a6918424e14f8f4d96ed95644a3.exe
- Size
  
  904KB
- MD5
  
  a3c9e8e8c7e237811e7462458c1c1a28
- SHA1
  
  225b5cbb1c685beaa297ef1026eee28500128ff0
- SHA256
  
  27921ce334b2da29dcb8536c188ec5820e037a6918424e14f8f4d96ed95644a3
- SHA512
  
  613656039219bbf8eb168ac6d647bff5aa1b7d8a2b53d36148237a16ebc7a748106856bffdbf16647ae25c78323632d704b04f28bcdb3f67c49b373dd8a8c40f
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan