revengerat | 292f87d83ee9b2a273835c3e25a21203c3fd2ce59924cb0abd898de04501e503 | Triage

Sharing

General

Target

292f87d83ee9b2a273835c3e25a21203c3fd2ce59924cb0abd898de04501e503N.exe
Size

901KB
Sample

250124-et5bzszqgn
MD5

128f6700fef7693607db29ea33f470a0
SHA1

9a903547c0cd23a538ba6328b7e05a6347d3be07
SHA256

292f87d83ee9b2a273835c3e25a21203c3fd2ce59924cb0abd898de04501e503
SHA512

41820d2c96e73d3b169b8d0f8566cbfb7d2935f9eea9754748aab4b18dd74560761bd443ae79a3ed50cab841d7a232c9a45911af3a37ff9d225bb4c6fe6c4370
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5y:gh+ZkldoPK8YaKGy

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  292f87d83ee9b2a273835c3e25a21203c3fd2ce59924cb0abd898de04501e503N.exe
- Size
  
  901KB
- MD5
  
  128f6700fef7693607db29ea33f470a0
- SHA1
  
  9a903547c0cd23a538ba6328b7e05a6347d3be07
- SHA256
  
  292f87d83ee9b2a273835c3e25a21203c3fd2ce59924cb0abd898de04501e503
- SHA512
  
  41820d2c96e73d3b169b8d0f8566cbfb7d2935f9eea9754748aab4b18dd74560761bd443ae79a3ed50cab841d7a232c9a45911af3a37ff9d225bb4c6fe6c4370
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5y:gh+ZkldoPK8YaKGy
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan