Overview

overview

10

Static

static

5

1ed0386e7e...35.exe

windows7-x64

10

1ed0386e7e...35.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1ed0386e7e701e5723b162ed6f57ae50a30aff3e7c2bbe55cb420b97edb21635

  • Size

    951KB

  • Sample

    240706-x4tx4s1dpn

  • MD5

    bb3c4ccb74e1272478141365e83f7664

  • SHA1

    ac1358ee54202bcb294a6cf052e91d3d61a86720

  • SHA256

    1ed0386e7e701e5723b162ed6f57ae50a30aff3e7c2bbe55cb420b97edb21635

  • SHA512

    dad1ad05cb903ac9067bfd304b009c6c3dde314e588a1a6aa1c1125bf5fe0a44d4bc5728e4368ea4d65a89eaeaf1546a1540d8843cb75ffe3c3b7efe15bf9d46

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5r:Rh+ZkldDPK8YaKjr

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      1ed0386e7e701e5723b162ed6f57ae50a30aff3e7c2bbe55cb420b97edb21635

    • Size

      951KB

    • MD5

      bb3c4ccb74e1272478141365e83f7664

    • SHA1

      ac1358ee54202bcb294a6cf052e91d3d61a86720

    • SHA256

      1ed0386e7e701e5723b162ed6f57ae50a30aff3e7c2bbe55cb420b97edb21635

    • SHA512

      dad1ad05cb903ac9067bfd304b009c6c3dde314e588a1a6aa1c1125bf5fe0a44d4bc5728e4368ea4d65a89eaeaf1546a1540d8843cb75ffe3c3b7efe15bf9d46

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5r:Rh+ZkldDPK8YaKjr

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks