revengerat | 9c9f8f33f3279b8e3311a7fcd2f336ccbc2c423428a2f87e5b8a53f582e8c503 | Triage

Sharing

General

Target

9c9f8f33f3279b8e3311a7fcd2f336ccbc2c423428a2f87e5b8a53f582e8c503.exe
Size

901KB
Sample

250124-btp1hsvjdj
MD5

74c9b7bc54eae2cb048221a56ebd3610
SHA1

d6932798997983c45ca690816b9ff9e3d58c99bb
SHA256

9c9f8f33f3279b8e3311a7fcd2f336ccbc2c423428a2f87e5b8a53f582e8c503
SHA512

8ca18bf1adfe5affe22b6d96a33b32a86e49857c0bd3fee489ca6bc37faf9d04f5b3be824cfb50232031cd674601dafa55dfb225b456c96bc30b1a6edfd239b2
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5X:gh+ZkldoPK8YaKGX

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  9c9f8f33f3279b8e3311a7fcd2f336ccbc2c423428a2f87e5b8a53f582e8c503.exe
- Size
  
  901KB
- MD5
  
  74c9b7bc54eae2cb048221a56ebd3610
- SHA1
  
  d6932798997983c45ca690816b9ff9e3d58c99bb
- SHA256
  
  9c9f8f33f3279b8e3311a7fcd2f336ccbc2c423428a2f87e5b8a53f582e8c503
- SHA512
  
  8ca18bf1adfe5affe22b6d96a33b32a86e49857c0bd3fee489ca6bc37faf9d04f5b3be824cfb50232031cd674601dafa55dfb225b456c96bc30b1a6edfd239b2
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5X:gh+ZkldoPK8YaKGX
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan