revengerat | 010ea3019a8d0295841d88b660c04c667914b6a5dbf1a5e30d264bd43eb869ce | Triage

Sharing

General

Target

010ea3019a8d0295841d88b660c04c667914b6a5dbf1a5e30d264bd43eb869ceN.exe
Size

904KB
Sample

241128-zast3avnfk
MD5

040bab4a168172a9b4546a4f119e0500
SHA1

108afb23f85b44bc0ee19014be63f16624adfbdb
SHA256

010ea3019a8d0295841d88b660c04c667914b6a5dbf1a5e30d264bd43eb869ce
SHA512

d83bce0cacb0c0c9f0aec98eb8eefda1cb15e021a351cb3266a8c483fdee43478b40db0bc8b21fa0aab2b9907b10ba24e074215cf3f13afa246ce9932e237f04
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5W:gh+ZkldoPK8YaKGW

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  010ea3019a8d0295841d88b660c04c667914b6a5dbf1a5e30d264bd43eb869ceN.exe
- Size
  
  904KB
- MD5
  
  040bab4a168172a9b4546a4f119e0500
- SHA1
  
  108afb23f85b44bc0ee19014be63f16624adfbdb
- SHA256
  
  010ea3019a8d0295841d88b660c04c667914b6a5dbf1a5e30d264bd43eb869ce
- SHA512
  
  d83bce0cacb0c0c9f0aec98eb8eefda1cb15e021a351cb3266a8c483fdee43478b40db0bc8b21fa0aab2b9907b10ba24e074215cf3f13afa246ce9932e237f04
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5W:gh+ZkldoPK8YaKGW
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan