revengerat | 9a9a1418e63601bfecc06df319f2f78d3d70523708d7377a57a3fedcf635bbdc | Triage

Sharing

General

Target

9a9a1418e63601bfecc06df319f2f78d3d70523708d7377a57a3fedcf635bbdc
Size

904KB
Sample

241202-a2jb9svqhp
MD5

fa590fb42e4ccd2be656afd625734f38
SHA1

4986ab1409e516c981b100b1047b81d96ffd43ae
SHA256

9a9a1418e63601bfecc06df319f2f78d3d70523708d7377a57a3fedcf635bbdc
SHA512

339721547a934d258625ac850229a18b98b9f89a0b089e0bdcf9217d360eddfdded427b50fee0582e13496f6519360bb8ccf6f6a7c95b2e45acc88575d2596e5
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5T:gh+ZkldoPK8YaKGT

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  9a9a1418e63601bfecc06df319f2f78d3d70523708d7377a57a3fedcf635bbdc
- Size
  
  904KB
- MD5
  
  fa590fb42e4ccd2be656afd625734f38
- SHA1
  
  4986ab1409e516c981b100b1047b81d96ffd43ae
- SHA256
  
  9a9a1418e63601bfecc06df319f2f78d3d70523708d7377a57a3fedcf635bbdc
- SHA512
  
  339721547a934d258625ac850229a18b98b9f89a0b089e0bdcf9217d360eddfdded427b50fee0582e13496f6519360bb8ccf6f6a7c95b2e45acc88575d2596e5
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5T:gh+ZkldoPK8YaKGT
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan