revengerat | ce798cd62793789f6b1ee057932605398adce8c2701bb9e7d1017ac01929dfb2 | Triage

Sharing

General

Target

ce798cd62793789f6b1ee057932605398adce8c2701bb9e7d1017ac01929dfb2N.exe
Size

904KB
Sample

241202-wkhkasvpdz
MD5

4f5deca81cde3d98b6d67e4607c307c0
SHA1

be3496dc330a08e55aee979aa160e4ffaba678f6
SHA256

ce798cd62793789f6b1ee057932605398adce8c2701bb9e7d1017ac01929dfb2
SHA512

fe6f970bdec72e4f336d545f7ce860d432f73c878758790fb2b11092e94caa4ee7519f4d6bf5d2783bbd9776c4317154d276fd37a5e82b2a02039f95be27e3e6
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5W:gh+ZkldoPK8YaKGW

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  ce798cd62793789f6b1ee057932605398adce8c2701bb9e7d1017ac01929dfb2N.exe
- Size
  
  904KB
- MD5
  
  4f5deca81cde3d98b6d67e4607c307c0
- SHA1
  
  be3496dc330a08e55aee979aa160e4ffaba678f6
- SHA256
  
  ce798cd62793789f6b1ee057932605398adce8c2701bb9e7d1017ac01929dfb2
- SHA512
  
  fe6f970bdec72e4f336d545f7ce860d432f73c878758790fb2b11092e94caa4ee7519f4d6bf5d2783bbd9776c4317154d276fd37a5e82b2a02039f95be27e3e6
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5W:gh+ZkldoPK8YaKGW
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan