General

  • Target

    6498a2a5c88f5fc35f9b4d3081b96ff0N.exe

  • Size

    951KB

  • Sample

    240731-ewz52swdqn

  • MD5

    6498a2a5c88f5fc35f9b4d3081b96ff0

  • SHA1

    589498c7a2aa54e71dbdacb90d38ec3a8cda469b

  • SHA256

    d03231b453198207d93dd1253a7ed388d735e46a51db307c80beee81adb5bf80

  • SHA512

    257ceb43870ed3bab1dab32da7b04ec958bde8bb94f4ed2755b7ee0568438aa7081743414283c40950401b974de10922ace0e9be55252fbecc2340c3f362ff87

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5h:Rh+ZkldDPK8YaKjh

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      6498a2a5c88f5fc35f9b4d3081b96ff0N.exe

    • Size

      951KB

    • MD5

      6498a2a5c88f5fc35f9b4d3081b96ff0

    • SHA1

      589498c7a2aa54e71dbdacb90d38ec3a8cda469b

    • SHA256

      d03231b453198207d93dd1253a7ed388d735e46a51db307c80beee81adb5bf80

    • SHA512

      257ceb43870ed3bab1dab32da7b04ec958bde8bb94f4ed2755b7ee0568438aa7081743414283c40950401b974de10922ace0e9be55252fbecc2340c3f362ff87

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5h:Rh+ZkldDPK8YaKjh

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks