revengerat | e5bd7d35855b5e459412ca15616c39bdcfd879497e4d0ef9020620b3fd23339b | Triage

Sharing

General

Target

e5bd7d35855b5e459412ca15616c39bdcfd879497e4d0ef9020620b3fd23339bN.exe
Size

905KB
Sample

250112-w3kglstkfx
MD5

08fffac20458a046dd4173d04a36c540
SHA1

89077a3d76d8769a3d40b8f6d82e8a07723c3d51
SHA256

e5bd7d35855b5e459412ca15616c39bdcfd879497e4d0ef9020620b3fd23339b
SHA512

e58ca9735a414a56cff21f6bdad59b4cc3e6d37da0ce6f37d12f532a6ebec610cdf6a18f174a8ba476bcfa5130fc4adfc85c2a85115dac78a2261949e666ce91
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5h:gh+ZkldoPK8YaKGh

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  e5bd7d35855b5e459412ca15616c39bdcfd879497e4d0ef9020620b3fd23339bN.exe
- Size
  
  905KB
- MD5
  
  08fffac20458a046dd4173d04a36c540
- SHA1
  
  89077a3d76d8769a3d40b8f6d82e8a07723c3d51
- SHA256
  
  e5bd7d35855b5e459412ca15616c39bdcfd879497e4d0ef9020620b3fd23339b
- SHA512
  
  e58ca9735a414a56cff21f6bdad59b4cc3e6d37da0ce6f37d12f532a6ebec610cdf6a18f174a8ba476bcfa5130fc4adfc85c2a85115dac78a2261949e666ce91
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5h:gh+ZkldoPK8YaKGh
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan