revengerat | eef922cc79a3cc9884026c41ed1060fa3d45c8abda93a5b60ba38f31ae64a5e9 | Triage

Sharing

General

Target

eef922cc79a3cc9884026c41ed1060fa3d45c8abda93a5b60ba38f31ae64a5e9N.exe
Size

904KB
Sample

241205-2733eaxkcy
MD5

1ae9bed1f1203e12199c0f3df3dfa6f0
SHA1

74b63d3dbfcd5d8f4ed563926394d10560463e43
SHA256

eef922cc79a3cc9884026c41ed1060fa3d45c8abda93a5b60ba38f31ae64a5e9
SHA512

a9a260b67e5b6c2dfe5b33030bc5da34cb82e9ab2925f854d0457b0083b08cad3a9853e3b303a88487acf1149a1b50944519d0a8adf2841a16891a9a79d7fa1a
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5Y:gh+ZkldoPK8YaKGY

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  eef922cc79a3cc9884026c41ed1060fa3d45c8abda93a5b60ba38f31ae64a5e9N.exe
- Size
  
  904KB
- MD5
  
  1ae9bed1f1203e12199c0f3df3dfa6f0
- SHA1
  
  74b63d3dbfcd5d8f4ed563926394d10560463e43
- SHA256
  
  eef922cc79a3cc9884026c41ed1060fa3d45c8abda93a5b60ba38f31ae64a5e9
- SHA512
  
  a9a260b67e5b6c2dfe5b33030bc5da34cb82e9ab2925f854d0457b0083b08cad3a9853e3b303a88487acf1149a1b50944519d0a8adf2841a16891a9a79d7fa1a
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5Y:gh+ZkldoPK8YaKGY
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan