revengerat | e5869cf4119678aa7e5f9d8cef6823e1a40bbd28834e7a467592f8b7267772a6 | Triage

Sharing

General

Target

e5869cf4119678aa7e5f9d8cef6823e1a40bbd28834e7a467592f8b7267772a6N.exe
Size

904KB
Sample

241204-gfdcfszldp
MD5

8bb1a9b0903cece889387e0cb1f319f0
SHA1

239d8562c7b6612cb64c51dda3464d32b2a34397
SHA256

e5869cf4119678aa7e5f9d8cef6823e1a40bbd28834e7a467592f8b7267772a6
SHA512

9d314ca823cd773095e57f033700e81ddde2fbd4781a4fbe655b86e8854afea6ffce59ee2762769a1b9d54d9b65c3f294d44b30b44ce29df06504ca6798f443c
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5L:gh+ZkldoPK8YaKGL

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  e5869cf4119678aa7e5f9d8cef6823e1a40bbd28834e7a467592f8b7267772a6N.exe
- Size
  
  904KB
- MD5
  
  8bb1a9b0903cece889387e0cb1f319f0
- SHA1
  
  239d8562c7b6612cb64c51dda3464d32b2a34397
- SHA256
  
  e5869cf4119678aa7e5f9d8cef6823e1a40bbd28834e7a467592f8b7267772a6
- SHA512
  
  9d314ca823cd773095e57f033700e81ddde2fbd4781a4fbe655b86e8854afea6ffce59ee2762769a1b9d54d9b65c3f294d44b30b44ce29df06504ca6798f443c
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5L:gh+ZkldoPK8YaKGL
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan