Overview

overview

10

Static

static

5

735d8bdf4f...f7.exe

windows7-x64

10

735d8bdf4f...f7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    735d8bdf4f1b98fbe2c190f165dbe56756053a20b24f96b0d10bf9f2999ff0f7

  • Size

    902KB

  • Sample

    240309-23yxwsdh9t

  • MD5

    22c8dd16840503effd656c05d7ff0c71

  • SHA1

    196eb47f9abb6b0b4495a2f4f1fd032023bc953c

  • SHA256

    735d8bdf4f1b98fbe2c190f165dbe56756053a20b24f96b0d10bf9f2999ff0f7

  • SHA512

    f19bb02f7a87ac2763c7264ea88f18eefceebd329112c4eadb568609498674c68d8e5aa51edf4ecbfaace711b3cdebb34ece2452bbaa51e095acbae971172434

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5y:gh+ZkldoPK8YaKGy

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      735d8bdf4f1b98fbe2c190f165dbe56756053a20b24f96b0d10bf9f2999ff0f7

    • Size

      902KB

    • MD5

      22c8dd16840503effd656c05d7ff0c71

    • SHA1

      196eb47f9abb6b0b4495a2f4f1fd032023bc953c

    • SHA256

      735d8bdf4f1b98fbe2c190f165dbe56756053a20b24f96b0d10bf9f2999ff0f7

    • SHA512

      f19bb02f7a87ac2763c7264ea88f18eefceebd329112c4eadb568609498674c68d8e5aa51edf4ecbfaace711b3cdebb34ece2452bbaa51e095acbae971172434

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5y:gh+ZkldoPK8YaKGy

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks