revengerat | e686a150e41f9c6809cbc1ba16bd42b268a52bc020bf7c6e4ff743eaec65ee0c | Triage

Sharing

General

Target

e686a150e41f9c6809cbc1ba16bd42b268a52bc020bf7c6e4ff743eaec65ee0c.exe
Size

904KB
Sample

250102-gjyskaypgk
MD5

0e99bbe0a5fc92dc95d20c2f239e96e0
SHA1

a028d1a7b262eee461d7da5f2648416d5af2ffcb
SHA256

e686a150e41f9c6809cbc1ba16bd42b268a52bc020bf7c6e4ff743eaec65ee0c
SHA512

8aeb853ddc595e828d15e54b6aa66138d5351cb295a8a629dee7bb2f8510dbde3a07d31ea0a408acf2bb7e97ad47917e730c5f2b8b12d58839cd02d02f17ad76
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5l:gh+ZkldoPK8YaKGl

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  e686a150e41f9c6809cbc1ba16bd42b268a52bc020bf7c6e4ff743eaec65ee0c.exe
- Size
  
  904KB
- MD5
  
  0e99bbe0a5fc92dc95d20c2f239e96e0
- SHA1
  
  a028d1a7b262eee461d7da5f2648416d5af2ffcb
- SHA256
  
  e686a150e41f9c6809cbc1ba16bd42b268a52bc020bf7c6e4ff743eaec65ee0c
- SHA512
  
  8aeb853ddc595e828d15e54b6aa66138d5351cb295a8a629dee7bb2f8510dbde3a07d31ea0a408acf2bb7e97ad47917e730c5f2b8b12d58839cd02d02f17ad76
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5l:gh+ZkldoPK8YaKGl
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan