revengerat | fd519dfafaa6aba4d8cdb126ed54f986aff904c24b48151c9416fde728951e12 | Triage

Sharing

General

Target

fd519dfafaa6aba4d8cdb126ed54f986aff904c24b48151c9416fde728951e12
Size

905KB
Sample

250110-m1s7asvmem
MD5

403b8d3f73973c6f41157894d98dcdad
SHA1

df0d0b1dbaad81f9fc92e5ec3c7641e5985c4368
SHA256

fd519dfafaa6aba4d8cdb126ed54f986aff904c24b48151c9416fde728951e12
SHA512

08f58d855dfb09bdbcb03e477f429dda9f4b836f59b8e4d3d1356baf5cb16e1b3ed6265e8e2994ffd048ef34cbfec08c1c4ae9e236dbecaeed34f5c2b0543ef4
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5y:gh+ZkldoPK8YaKGy

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  fd519dfafaa6aba4d8cdb126ed54f986aff904c24b48151c9416fde728951e12
- Size
  
  905KB
- MD5
  
  403b8d3f73973c6f41157894d98dcdad
- SHA1
  
  df0d0b1dbaad81f9fc92e5ec3c7641e5985c4368
- SHA256
  
  fd519dfafaa6aba4d8cdb126ed54f986aff904c24b48151c9416fde728951e12
- SHA512
  
  08f58d855dfb09bdbcb03e477f429dda9f4b836f59b8e4d3d1356baf5cb16e1b3ed6265e8e2994ffd048ef34cbfec08c1c4ae9e236dbecaeed34f5c2b0543ef4
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5y:gh+ZkldoPK8YaKGy
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan