Overview

overview

10

Static

static

5

abd5d1622a...c1.exe

windows7-x64

10

abd5d1622a...c1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abd5d1622a3b5f9838b13a29b4694224775346063270d6e581042708cc5b0bc1

  • Size

    952KB

  • Sample

    240731-dtdzcsyand

  • MD5

    3ff4c0b7bb348fe4f5ebcd7a43b0a55e

  • SHA1

    33c402a7802599d60ef1c5a7767e4e35ed562e7d

  • SHA256

    abd5d1622a3b5f9838b13a29b4694224775346063270d6e581042708cc5b0bc1

  • SHA512

    7fa65a2cb3b00260d0a46d7323ffecfc7ef09bf4dc2a7cb631f57196175028b952b3f993f8ec8ad7283e1af81422a81e76c17fcf52b984482c3677bb7d32c46e

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5d:Rh+ZkldDPK8YaKjd

Score
10/10
revengeratmarzo26discoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      abd5d1622a3b5f9838b13a29b4694224775346063270d6e581042708cc5b0bc1

    • Size

      952KB

    • MD5

      3ff4c0b7bb348fe4f5ebcd7a43b0a55e

    • SHA1

      33c402a7802599d60ef1c5a7767e4e35ed562e7d

    • SHA256

      abd5d1622a3b5f9838b13a29b4694224775346063270d6e581042708cc5b0bc1

    • SHA512

      7fa65a2cb3b00260d0a46d7323ffecfc7ef09bf4dc2a7cb631f57196175028b952b3f993f8ec8ad7283e1af81422a81e76c17fcf52b984482c3677bb7d32c46e

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5d:Rh+ZkldDPK8YaKjd

    Score
    10/10
    revengeratmarzo26discoverytrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks