revengerat | cd6f891d221c686b080c24b97be3a4c807eb3abec2add6fbeefc0092c32da327 | Triage

Sharing

General

Target

cd6f891d221c686b080c24b97be3a4c807eb3abec2add6fbeefc0092c32da327
Size

904KB
Sample

241202-c7grqsvqez
MD5

cecbf11cc3180629682eee9a02a3deeb
SHA1

1743041392682d3b7a778efc8a3b18d56539536f
SHA256

cd6f891d221c686b080c24b97be3a4c807eb3abec2add6fbeefc0092c32da327
SHA512

264f8233600bbdd8e6b3a8837fbaadd2d9de0c368823553c8046b9bf1288b0d873ba6847a786986ab87fec31a69a14b4a60539a44f288404fc7174049b5190e4
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa55:gh+ZkldoPK8YaKG5

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  cd6f891d221c686b080c24b97be3a4c807eb3abec2add6fbeefc0092c32da327
- Size
  
  904KB
- MD5
  
  cecbf11cc3180629682eee9a02a3deeb
- SHA1
  
  1743041392682d3b7a778efc8a3b18d56539536f
- SHA256
  
  cd6f891d221c686b080c24b97be3a4c807eb3abec2add6fbeefc0092c32da327
- SHA512
  
  264f8233600bbdd8e6b3a8837fbaadd2d9de0c368823553c8046b9bf1288b0d873ba6847a786986ab87fec31a69a14b4a60539a44f288404fc7174049b5190e4
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa55:gh+ZkldoPK8YaKG5
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan