revengerat | d6561d92ee2c9949a16f2be060fffba9f322d69d422be66c68c9a65a6d3a7346 | Triage

Sharing

General

Target

d6561d92ee2c9949a16f2be060fffba9f322d69d422be66c68c9a65a6d3a7346
Size

905KB
Sample

250312-gnv78szly4
MD5

15dac175235d698a4873ee2a79e6fd8e
SHA1

302592818ebc7a73defb4973ea6ce351dd87c39a
SHA256

d6561d92ee2c9949a16f2be060fffba9f322d69d422be66c68c9a65a6d3a7346
SHA512

ca796262fd36851d7d137c8ae45ff7e7559ad8c70c74a734a466a61863e95c70bc7c6b77f418363e32e0a34419c55e2e7981aa2c19837a0142c166c2f80d1a6b
SSDEEP

24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5U:gh+ZkldoPK8YaKGU

Score

10^/10

revengerat marzo26 discovery trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

- Target
  
  d6561d92ee2c9949a16f2be060fffba9f322d69d422be66c68c9a65a6d3a7346
- Size
  
  905KB
- MD5
  
  15dac175235d698a4873ee2a79e6fd8e
- SHA1
  
  302592818ebc7a73defb4973ea6ce351dd87c39a
- SHA256
  
  d6561d92ee2c9949a16f2be060fffba9f322d69d422be66c68c9a65a6d3a7346
- SHA512
  
  ca796262fd36851d7d137c8ae45ff7e7559ad8c70c74a734a466a61863e95c70bc7c6b77f418363e32e0a34419c55e2e7981aa2c19837a0142c166c2f80d1a6b
- SSDEEP
  
  24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5U:gh+ZkldoPK8YaKGU
Score

10^/10

revengerat marzo26 discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratmarzo26discoverytrojan

behavioral2

revengeratmarzo26discoverytrojan