revengerat | ecc360ddce51949c894b2abed971fb2802f97a72149b9c3db2808119cd5e5b2c | Triage

Sharing

General

Target

ecc360ddce51949c894b2abed971fb2802f97a72149b9c3db2808119cd5e5b2c.exe
Size

905KB
Sample

250112-kzdn4sxrgn
MD5

ea7d533d92a38efb49c4469e7f7246a5
SHA1

0e96242d240449df908b773cdb6b7341939353e0
SHA256

ecc360ddce51949c894b2abed971fb2802f97a72149b9c3db2808119cd5e5b2c
SHA512

6cbe05f218c291b9e0f7fe73a78a85ea16af6fe8e09afc81e5681812260bd93d9aed19551f72ca978f935121371c8726d30268933844b1bd1be7dd8071ac9770
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5x:gh+ZkldoPK8YaKGx

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  ecc360ddce51949c894b2abed971fb2802f97a72149b9c3db2808119cd5e5b2c.exe
- Size
  
  905KB
- MD5
  
  ea7d533d92a38efb49c4469e7f7246a5
- SHA1
  
  0e96242d240449df908b773cdb6b7341939353e0
- SHA256
  
  ecc360ddce51949c894b2abed971fb2802f97a72149b9c3db2808119cd5e5b2c
- SHA512
  
  6cbe05f218c291b9e0f7fe73a78a85ea16af6fe8e09afc81e5681812260bd93d9aed19551f72ca978f935121371c8726d30268933844b1bd1be7dd8071ac9770
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5x:gh+ZkldoPK8YaKGx
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan