revengerat | c8eb205d613b6796b28d92866dc979e5ef9af0770643c4a4437e84be477974f2 | Triage

Sharing

General

Target

c8eb205d613b6796b28d92866dc979e5ef9af0770643c4a4437e84be477974f2N.exe
Size

905KB
Sample

250124-g65vdsvjd1
MD5

6ffd67bef71ed5b25c356fe50b2631f0
SHA1

155f3a53c8f0b3ef862e342a30f993bdc24ba8bb
SHA256

c8eb205d613b6796b28d92866dc979e5ef9af0770643c4a4437e84be477974f2
SHA512

2d150e97030946dee486f15b172a4c6435d1a4814804e9a9226464f17b3814de08dad9ae697863abc41dba605e1bf7fd5fb019d8f80d577cedbc40cd63e0af86
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5N:gh+ZkldoPK8YaKGN

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  c8eb205d613b6796b28d92866dc979e5ef9af0770643c4a4437e84be477974f2N.exe
- Size
  
  905KB
- MD5
  
  6ffd67bef71ed5b25c356fe50b2631f0
- SHA1
  
  155f3a53c8f0b3ef862e342a30f993bdc24ba8bb
- SHA256
  
  c8eb205d613b6796b28d92866dc979e5ef9af0770643c4a4437e84be477974f2
- SHA512
  
  2d150e97030946dee486f15b172a4c6435d1a4814804e9a9226464f17b3814de08dad9ae697863abc41dba605e1bf7fd5fb019d8f80d577cedbc40cd63e0af86
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5N:gh+ZkldoPK8YaKGN
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan