revengerat | 6fde994194d60d2eaa3a7da73310e01630b1937559e742b6d14af2dff9d112bf | Triage

Sharing

General

Target

6fde994194d60d2eaa3a7da73310e01630b1937559e742b6d14af2dff9d112bfN.exe
Size

904KB
Sample

241222-cym76azldw
MD5

ea7501d64905af9482c6d55fa443d0f0
SHA1

9d06e10a98173131f594660ab0976bbd920f45ba
SHA256

6fde994194d60d2eaa3a7da73310e01630b1937559e742b6d14af2dff9d112bf
SHA512

78b4d174b08afc8c279498fac8cbebdfcb700a8a9033bf148eb87b207a8dbba3b7c7289b93bdc18480be7d4c6fedc0f8c15acf5b772c371637c2e2d35f7c179a
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5j:gh+ZkldoPK8YaKGj

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  6fde994194d60d2eaa3a7da73310e01630b1937559e742b6d14af2dff9d112bfN.exe
- Size
  
  904KB
- MD5
  
  ea7501d64905af9482c6d55fa443d0f0
- SHA1
  
  9d06e10a98173131f594660ab0976bbd920f45ba
- SHA256
  
  6fde994194d60d2eaa3a7da73310e01630b1937559e742b6d14af2dff9d112bf
- SHA512
  
  78b4d174b08afc8c279498fac8cbebdfcb700a8a9033bf148eb87b207a8dbba3b7c7289b93bdc18480be7d4c6fedc0f8c15acf5b772c371637c2e2d35f7c179a
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5j:gh+ZkldoPK8YaKGj
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan