revengerat | 6d86008fd87ee75c46d364948cca56e20508e240ed4552d0eb6702b09392a0d1 | Triage

Sharing

General

Target

6d86008fd87ee75c46d364948cca56e20508e240ed4552d0eb6702b09392a0d1N.exe
Size

904KB
Sample

241207-xdvfystkgr
MD5

daaac098428f71cb21a9d48972adddf0
SHA1

35b7a089afac72a980951d7c750d6b9adfd14fa6
SHA256

6d86008fd87ee75c46d364948cca56e20508e240ed4552d0eb6702b09392a0d1
SHA512

a38b17b7d423a819485e4575e7e9bc050d805d71fda71938e4b188292563b7c58247be03e9429abaa0324d021056150bcf92d5cbe135d49d8475dfcaec603768
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5B:gh+ZkldoPK8YaKGB

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  6d86008fd87ee75c46d364948cca56e20508e240ed4552d0eb6702b09392a0d1N.exe
- Size
  
  904KB
- MD5
  
  daaac098428f71cb21a9d48972adddf0
- SHA1
  
  35b7a089afac72a980951d7c750d6b9adfd14fa6
- SHA256
  
  6d86008fd87ee75c46d364948cca56e20508e240ed4552d0eb6702b09392a0d1
- SHA512
  
  a38b17b7d423a819485e4575e7e9bc050d805d71fda71938e4b188292563b7c58247be03e9429abaa0324d021056150bcf92d5cbe135d49d8475dfcaec603768
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5B:gh+ZkldoPK8YaKGB
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan