revengerat | 00682d210dea4a5805e7af00d45a7d242a29065ab8495389548d1a1e9d0d1ac5 | Triage

Sharing

General

Target

00682d210dea4a5805e7af00d45a7d242a29065ab8495389548d1a1e9d0d1ac5
Size

905KB
Sample

241227-xvkyvaxrex
MD5

d921cb7a7f1f0e5947adec26c434e326
SHA1

009040c2d837c87ef49fcff0c6419fde280e4d9e
SHA256

00682d210dea4a5805e7af00d45a7d242a29065ab8495389548d1a1e9d0d1ac5
SHA512

01bfc39483d7b285f7fdc16177df1a31ba56104157e405106a99c44601c9d5237d6b78d3ecf3af1b91c9af623c498df5dd1cdaee1839d5e6114f3fafeb8e60f2
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5b:gh+ZkldoPK8YaKGb

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  00682d210dea4a5805e7af00d45a7d242a29065ab8495389548d1a1e9d0d1ac5
- Size
  
  905KB
- MD5
  
  d921cb7a7f1f0e5947adec26c434e326
- SHA1
  
  009040c2d837c87ef49fcff0c6419fde280e4d9e
- SHA256
  
  00682d210dea4a5805e7af00d45a7d242a29065ab8495389548d1a1e9d0d1ac5
- SHA512
  
  01bfc39483d7b285f7fdc16177df1a31ba56104157e405106a99c44601c9d5237d6b78d3ecf3af1b91c9af623c498df5dd1cdaee1839d5e6114f3fafeb8e60f2
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5b:gh+ZkldoPK8YaKGb
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan