revengerat | 18e12ecf87db5d58357b9f6b0e3d74fa34d4eab2bc7ec273394495f071e6c9fb | Triage

Submit
Reports

Overview

overview

Static

static

5

18e12ecf87...bN.exe

windows7-x64

18e12ecf87...bN.exe

windows10-2004-x64

Sharing

General

Target

18e12ecf87db5d58357b9f6b0e3d74fa34d4eab2bc7ec273394495f071e6c9fbN.exe
Size

904KB
Sample

241204-vkac9axlcj
MD5

9946eeb55e52f2c31a4d7400bad924f0
SHA1

83f55d9025cb537fc18ba461e06d50459cddc5b9
SHA256

18e12ecf87db5d58357b9f6b0e3d74fa34d4eab2bc7ec273394495f071e6c9fb
SHA512

e7606a6d8da1b64f70e3685c9ecc4bc5b71357eafb89719435ab24e7c7f70d04479af696b12c24a53c3d7a70df872d62cfb0b9e5a8836f57cf69877706b79111
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5h:gh+ZkldoPK8YaKGh

Score

10^/10

revengerat marzo26 discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

18e12ecf87db5d58357b9f6b0e3d74fa34d4eab2bc7ec273394495f071e6c9fbN.exe

Resource

win7-20240903-en

revengerat marzo26 discovery trojan

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

18e12ecf87db5d58357b9f6b0e3d74fa34d4eab2bc7ec273394495f071e6c9fbN.exe

Resource

win10v2004-20241007-en

revengerat marzo26 discovery trojan

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  18e12ecf87db5d58357b9f6b0e3d74fa34d4eab2bc7ec273394495f071e6c9fbN.exe
- Size
  
  904KB
- MD5
  
  9946eeb55e52f2c31a4d7400bad924f0
- SHA1
  
  83f55d9025cb537fc18ba461e06d50459cddc5b9
- SHA256
  
  18e12ecf87db5d58357b9f6b0e3d74fa34d4eab2bc7ec273394495f071e6c9fb
- SHA512
  
  e7606a6d8da1b64f70e3685c9ecc4bc5b71357eafb89719435ab24e7c7f70d04479af696b12c24a53c3d7a70df872d62cfb0b9e5a8836f57cf69877706b79111
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5h:gh+ZkldoPK8YaKGh
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan

© 2018-2025

Terms | Privacy