revengerat | 3550ac13a082e954d020ea83cac883bc9b6a778ae8ac9e66c4daa3211ab868f7 | Triage

Sharing

General

Target

3550ac13a082e954d020ea83cac883bc9b6a778ae8ac9e66c4daa3211ab868f7.exe
Size

905KB
Sample

241202-lzhhqszpav
MD5

64c987d6441f145d3c93ddf603dce4fd
SHA1

12d5160f10d610d4710a5de898b61b284a86d173
SHA256

3550ac13a082e954d020ea83cac883bc9b6a778ae8ac9e66c4daa3211ab868f7
SHA512

c58eaa67e430fa88c33c91974813e81534c77246a1b96834105943baab2a0cc6a008026832e382ec9a319fcb75f71125156e53f2af664a23e3107a446eb7f435
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5S:gh+ZkldoPK8YaKGS

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  3550ac13a082e954d020ea83cac883bc9b6a778ae8ac9e66c4daa3211ab868f7.exe
- Size
  
  905KB
- MD5
  
  64c987d6441f145d3c93ddf603dce4fd
- SHA1
  
  12d5160f10d610d4710a5de898b61b284a86d173
- SHA256
  
  3550ac13a082e954d020ea83cac883bc9b6a778ae8ac9e66c4daa3211ab868f7
- SHA512
  
  c58eaa67e430fa88c33c91974813e81534c77246a1b96834105943baab2a0cc6a008026832e382ec9a319fcb75f71125156e53f2af664a23e3107a446eb7f435
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5S:gh+ZkldoPK8YaKGS
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan