General

  • Target

    2eaec2d986beadd334a51ff56a720720.exe

  • Size

    951KB

  • Sample

    240706-ck3qpasfrl

  • MD5

    2eaec2d986beadd334a51ff56a720720

  • SHA1

    0dc63e7ba7f3973bf5d7324898fa00626a16b0e4

  • SHA256

    bf157cd131e40dc070fdc2f88ebf4810e2b9fcb2642ed897fd93a783395b6177

  • SHA512

    2384d44b43c1cd9b192fa6211b9ebeddb927c45ffe391dfe0bd80053813774a4d94e1e0a5e9b364b271a191b75c2c479f9b7ec57d72c25ed7c8a227ae77b9e05

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT50:Rh+ZkldDPK8YaKj0

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn
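The hashes, C2 host:port and mutex above are the indicators a responder would actually pivot on. The script below is an added example (not part of the sandbox report or of any vendor tooling) that turns them into a small matcher: it hashes a file against the sample's digests and classifies constructed telemetry events (DNS query, outbound connection, mutex creation) against the extracted config. The event dictionary shapes, the function names and the sample events are assumptions made for this example; the `RV_MUTEX-<suffix>` prefix check generalizes from the mutex format shown in the config and is likewise an assumption, so treat hits on it as lower confidence than an exact match.

```python
"""IOC matcher built from the indicators in this report (added example, not sandbox output)."""
import hashlib
import re
from typing import Iterable, Optional

# Indicators copied from the report above.
IOCS = {
    "md5": "2eaec2d986beadd334a51ff56a720720",
    "sha1": "0dc63e7ba7f3973bf5d7324898fa00626a16b0e4",
    "sha256": "bf157cd131e40dc070fdc2f88ebf4810e2b9fcb2642ed897fd93a783395b6177",
    "c2_host": "marzorevenger.duckdns.org",
    "c2_port": 4230,
    "mutex": "RV_MUTEX-PiGGjjtnxDpn",
}

# Assumption: builds of this family name their mutex "RV_MUTEX-<suffix>", so other
# builds can be caught by the prefix even when the suffix differs (lower confidence).
REVENGERAT_MUTEX_RE = re.compile(r"^(Global\\|Local\\)?RV_MUTEX-[A-Za-z0-9]+$")

HASH_NAMES = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk in chunks so large samples need not be loaded whole."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_matches(digests: dict) -> bool:
    """True if any supplied digest equals the report's hash for the sample."""
    return any(digests.get(name) == IOCS[name] for name in HASH_NAMES)


def _norm_host(host: str) -> str:
    # DNS logs often carry a trailing dot and mixed case; compare the canonical form.
    return host.strip().lower().rstrip(".")


def match_event(ev: dict) -> Optional[str]:
    """Classify one telemetry event against the report's indicators.

    Event shapes are an assumption of this example (not a Sysmon/Zeek schema):
      {"type": "dns", "query": ...}
      {"type": "connect", "dst_host": ..., "dst_port": ...}
      {"type": "mutex", "name": ...}
    """
    kind = ev.get("type")
    if kind == "dns" and _norm_host(ev.get("query", "")) == IOCS["c2_host"]:
        return "c2_domain"
    if kind == "connect":
        if _norm_host(ev.get("dst_host", "")) == IOCS["c2_host"] and ev.get("dst_port") == IOCS["c2_port"]:
            return "c2_connection"
        # Dynamic-DNS C2 changes IP, so an IP-only connect cannot match the host.
        # Port alone is weak evidence (4230 is not reserved); flag it for review only.
        if ev.get("dst_port") == IOCS["c2_port"]:
            return "c2_port_only"
    if kind == "mutex":
        name = ev.get("name", "")
        if name == IOCS["mutex"]:
            return "mutex"
        if REVENGERAT_MUTEX_RE.match(name):
            return "mutex_family_pattern"
    return None


def scan_events(events: Iterable[dict]) -> list:
    """Return (index, label) for every event that hits an indicator."""
    hits = []
    for i, ev in enumerate(events):
        label = match_event(ev)
        if label:
            hits.append((i, label))
    return hits


# Constructed sample telemetry for demonstration; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "marzorevenger.duckdns.org."},
    {"type": "connect", "dst_host": "MARZOREVENGER.DUCKDNS.ORG", "dst_port": 4230},
    {"type": "connect", "dst_host": "example.com", "dst_port": 443},
    {"type": "connect", "dst_host": "198.51.100.7", "dst_port": 4230},
    {"type": "mutex", "name": "RV_MUTEX-PiGGjjtnxDpn"},
    {"type": "mutex", "name": "RV_MUTEX-ConstructedExample1"},
    {"type": "mutex", "name": "Global\\SomeOtherApp"},
]

if __name__ == "__main__":
    for idx, label in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {label} -> {SAMPLE_EVENTS[idx]}")
```

To check a file on disk, pass `hash_file(path)` to `file_matches`; the hash comparison is exact-match only, so a repacked build of the same RAT will miss on hashes and must be caught by the network or mutex indicators instead.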

Targets

    • Target

      2eaec2d986beadd334a51ff56a720720.exe

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

      Writes a file into a Startup location so it is launched again at logon (persistence).

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is typical of process hollowing and similar injection, where a suspended process is given new code before its original entry point runs.
