General
-
Target
82b647c8ea0b602981d494d6bfb3496921983a1b899eb4de42324d80ac567f61
-
Size
951KB
-
Sample
240705-3ng69sygrm
-
MD5
246ec92009edc681a3f6783ff277269b
-
SHA1
3a0bd2365c1c280ec3367c83cbd3b5505518fcf2
-
SHA256
82b647c8ea0b602981d494d6bfb3496921983a1b899eb4de42324d80ac567f61
-
SHA512
0521e094b1411993778556541b911e80914dfffd112324afc4a4f336943a212c91929af9b752c0bfa59725b2a8a9783067a770768694acdb80d77d6415a4bb6e
-
SSDEEP
24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5q:Rh+ZkldDPK8YaKjq
Malware Config
Extracted
revengerat
Marzo26
marzorevenger.duckdns.org:4230
RV_MUTEX-PiGGjjtnxDpn
Targets
-
-
Target
82b647c8ea0b602981d494d6bfb3496921983a1b899eb4de42324d80ac567f61
-
Size
951KB
-
MD5
246ec92009edc681a3f6783ff277269b
-
SHA1
3a0bd2365c1c280ec3367c83cbd3b5505518fcf2
-
SHA256
82b647c8ea0b602981d494d6bfb3496921983a1b899eb4de42324d80ac567f61
-
SHA512
0521e094b1411993778556541b911e80914dfffd112324afc4a4f336943a212c91929af9b752c0bfa59725b2a8a9783067a770768694acdb80d77d6415a4bb6e
-
SSDEEP
24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5q:Rh+ZkldDPK8YaKjq
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Drops startup file
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-