revengerat | 525c81837a9db8e26aa4940b2d1c995e4c51502e1feb76ef4d063bb036490093 | Triage

Sharing

General

Target

525c81837a9db8e26aa4940b2d1c995e4c51502e1feb76ef4d063bb036490093N.exe
Size

905KB
Sample

241231-yd923sykar
MD5

e49573e6de6196066a5b7b0d253fc440
SHA1

0d67479d84fa3ca71528fbf3893b5e998331be1c
SHA256

525c81837a9db8e26aa4940b2d1c995e4c51502e1feb76ef4d063bb036490093
SHA512

818a81c510ec949d3c53b8b52d1a5f0e5213478dc8bbeacf331b8f5566407c1145d3162368d991d0f7bb63c7b4a6d7af236d447f255db995833096023a2d9fac
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5o:gh+ZkldoPK8YaKGo

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  525c81837a9db8e26aa4940b2d1c995e4c51502e1feb76ef4d063bb036490093N.exe
- Size
  
  905KB
- MD5
  
  e49573e6de6196066a5b7b0d253fc440
- SHA1
  
  0d67479d84fa3ca71528fbf3893b5e998331be1c
- SHA256
  
  525c81837a9db8e26aa4940b2d1c995e4c51502e1feb76ef4d063bb036490093
- SHA512
  
  818a81c510ec949d3c53b8b52d1a5f0e5213478dc8bbeacf331b8f5566407c1145d3162368d991d0f7bb63c7b4a6d7af236d447f255db995833096023a2d9fac
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5o:gh+ZkldoPK8YaKGo
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan