Overview

overview

10

Static

static

5

1fe04b8c8f...0N.exe

windows7-x64

10

1fe04b8c8f...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1fe04b8c8f28336dd5edfcc7673e45c0N.exe

  • Size

    904KB

  • Sample

    240720-2y2g8a1dlq

  • MD5

    1fe04b8c8f28336dd5edfcc7673e45c0

  • SHA1

    ce2e997bd733ff571f3062800c1be3e6d2a2bd96

  • SHA256

    ffc32dc266df6da9a95f83b8155e65f72d9fe44461a9bf53281a2a4bd0b27737

  • SHA512

    f514085b118f3f7ecef9479d4a5e0b7e06533089120dc12824b212f1c4ff0bd8604163097c4b2e2027113747add154fa7e125f5e59ac510bf55e5609a7615c18

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5g:gh+ZkldoPK8YaKGg

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      1fe04b8c8f28336dd5edfcc7673e45c0N.exe

    • Size

      904KB

    • MD5

      1fe04b8c8f28336dd5edfcc7673e45c0

    • SHA1

      ce2e997bd733ff571f3062800c1be3e6d2a2bd96

    • SHA256

      ffc32dc266df6da9a95f83b8155e65f72d9fe44461a9bf53281a2a4bd0b27737

    • SHA512

      f514085b118f3f7ecef9479d4a5e0b7e06533089120dc12824b212f1c4ff0bd8604163097c4b2e2027113747add154fa7e125f5e59ac510bf55e5609a7615c18

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5g:gh+ZkldoPK8YaKGg

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks