revengerat | 027509799b63e17e375f5e90bdc568cfdd8b9b79e7167abf470a7259a6ab25b4 | Triage

Sharing

General

Target

027509799b63e17e375f5e90bdc568cfdd8b9b79e7167abf470a7259a6ab25b4
Size

904KB
Sample

241207-x4ztcsvjgp
MD5

cdd5812a5ae7b5b4dd667bb230e577c0
SHA1

789969d4e634a5b9d225e5c93133b323306be696
SHA256

027509799b63e17e375f5e90bdc568cfdd8b9b79e7167abf470a7259a6ab25b4
SHA512

e17f4b8d405fa3cb8f2d0cdbe9cb77c47b686c8359e5f3182043d4053e30860d0feb5d659f9b8701266c2708c74c37ee00f4ae571e20024126acf022cb3861f2
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa52:gh+ZkldoPK8YaKG2

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  027509799b63e17e375f5e90bdc568cfdd8b9b79e7167abf470a7259a6ab25b4
- Size
  
  904KB
- MD5
  
  cdd5812a5ae7b5b4dd667bb230e577c0
- SHA1
  
  789969d4e634a5b9d225e5c93133b323306be696
- SHA256
  
  027509799b63e17e375f5e90bdc568cfdd8b9b79e7167abf470a7259a6ab25b4
- SHA512
  
  e17f4b8d405fa3cb8f2d0cdbe9cb77c47b686c8359e5f3182043d4053e30860d0feb5d659f9b8701266c2708c74c37ee00f4ae571e20024126acf022cb3861f2
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa52:gh+ZkldoPK8YaKG2
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan