revengerat | 223e8765b925b3388d523d213925d70598d468f47e58ec1d4d70c5fdc055ee24 | Triage

Sharing

General

Target

223e8765b925b3388d523d213925d70598d468f47e58ec1d4d70c5fdc055ee24N.exe
Size

904KB
Sample

241203-l6ny4awmar
MD5

d5da76a701b5d9d9d250af5498e5a510
SHA1

0a47491a645db64cf8007572d5f49be93b62aabf
SHA256

223e8765b925b3388d523d213925d70598d468f47e58ec1d4d70c5fdc055ee24
SHA512

92024345605b0d027f38cfa1955d3aff5054520703f209022e534417682f301ec5d8c5da13b79b67a18fa7710b3f447e1ee1bccab2f463a2c2200bab35291256
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5i:gh+ZkldoPK8YaKGi

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  223e8765b925b3388d523d213925d70598d468f47e58ec1d4d70c5fdc055ee24N.exe
- Size
  
  904KB
- MD5
  
  d5da76a701b5d9d9d250af5498e5a510
- SHA1
  
  0a47491a645db64cf8007572d5f49be93b62aabf
- SHA256
  
  223e8765b925b3388d523d213925d70598d468f47e58ec1d4d70c5fdc055ee24
- SHA512
  
  92024345605b0d027f38cfa1955d3aff5054520703f209022e534417682f301ec5d8c5da13b79b67a18fa7710b3f447e1ee1bccab2f463a2c2200bab35291256
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5i:gh+ZkldoPK8YaKGi
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan