General

  • Target

    04067f912bbaea3a9b77689104eadb60.exe

  • Size

    951KB

  • Sample

    240705-zh94bavgkp

  • MD5

    04067f912bbaea3a9b77689104eadb60

  • SHA1

    1feeffa69a1b2188e66a81042db708e394487fa8

  • SHA256

    3669582633973cf621d34f328b3e365fdf49afc33c66d4d306093534600eda89

  • SHA512

    6f9581f1d7dab34755b18263243592c5557b1f8a8850a6322e221dc0b0b7b8581ad5c9ce6f4393ceb0d738cb7e56fc84d03ea622c44ab2a68c41d0197b66b595

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5H:Rh+ZkldDPK8YaKjH

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
