Overview

overview

10

Static

static

5

1c81ed78bf...0N.exe

windows7-x64

10

1c81ed78bf...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c81ed78bf1619861b8868f253ac0f00N.exe

  • Size

    904KB

  • Sample

    240719-22fd6aybjf

  • MD5

    1c81ed78bf1619861b8868f253ac0f00

  • SHA1

    dd4cc7c5c575fe975a1c9d9b6af8eac205b2f23d

  • SHA256

    8d4b4881fe7ec4a4e268cee59aad5c20fb8d87e86c1bd9c6bcf0d1d3fd4abf21

  • SHA512

    3a8db7f37c89f081c72b7964e6b2966a467d3ccd6b19833a8db359c1d5bac6da4625240cab5bf800cf75ea5473b10b8ed90622a60d9cb61ae0187caced14cb71

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5F:gh+ZkldoPK8YaKGF

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      1c81ed78bf1619861b8868f253ac0f00N.exe

    • Size

      904KB

    • MD5

      1c81ed78bf1619861b8868f253ac0f00

    • SHA1

      dd4cc7c5c575fe975a1c9d9b6af8eac205b2f23d

    • SHA256

      8d4b4881fe7ec4a4e268cee59aad5c20fb8d87e86c1bd9c6bcf0d1d3fd4abf21

    • SHA512

      3a8db7f37c89f081c72b7964e6b2966a467d3ccd6b19833a8db359c1d5bac6da4625240cab5bf800cf75ea5473b10b8ed90622a60d9cb61ae0187caced14cb71

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5F:gh+ZkldoPK8YaKGF

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks