revengerat | 428e58f52fe1bb0a4111b25aa4904163e16d0ff86520cbd4b64c825ca7f3bcc8 | Triage

Sharing

General

Target

428e58f52fe1bb0a4111b25aa4904163e16d0ff86520cbd4b64c825ca7f3bcc8
Size

904KB
Sample

241215-1j8sbaxrft
MD5

41faaf38b1095693daaf459a4659f1fe
SHA1

b4126c58d6478085a09b9ae4e2d96c1dc6c6962b
SHA256

428e58f52fe1bb0a4111b25aa4904163e16d0ff86520cbd4b64c825ca7f3bcc8
SHA512

351de2deb6b489ed495259048945f34905dccac8510a0d57361b45dc2119cf0f9254a0f1fb3801489a2671c72267b3e2254fb771fd96a8b60c910ebcbd20980d
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5m:gh+ZkldoPK8YaKGm

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  428e58f52fe1bb0a4111b25aa4904163e16d0ff86520cbd4b64c825ca7f3bcc8
- Size
  
  904KB
- MD5
  
  41faaf38b1095693daaf459a4659f1fe
- SHA1
  
  b4126c58d6478085a09b9ae4e2d96c1dc6c6962b
- SHA256
  
  428e58f52fe1bb0a4111b25aa4904163e16d0ff86520cbd4b64c825ca7f3bcc8
- SHA512
  
  351de2deb6b489ed495259048945f34905dccac8510a0d57361b45dc2119cf0f9254a0f1fb3801489a2671c72267b3e2254fb771fd96a8b60c910ebcbd20980d
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5m:gh+ZkldoPK8YaKGm
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan