Overview

overview

10

Static

static

5

170576b92e...0N.exe

windows7-x64

10

170576b92e...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    170576b92e1b5922fc1b66ffcfad19b0N.exe

  • Size

    952KB

  • Sample

    240802-262sysvblq

  • MD5

    170576b92e1b5922fc1b66ffcfad19b0

  • SHA1

    7912d7719ee36a3ba8b9898429a1c2c13c8030ea

  • SHA256

    3a1f2b47c4111d3cabd636e09372f648dcd566be6111e0e7b719d69829c6039a

  • SHA512

    dbd40ce50cfbe66593689a7f7022e4bb0b6dec170e139399c15e7fdb13a33724a8cc99b8e10ff549f907ce5d345c8bab5472bffa12adc2e97ea400aa745c7d56

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5t:Rh+ZkldDPK8YaKjt

Score
10/10
revengeratmarzo26discoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      170576b92e1b5922fc1b66ffcfad19b0N.exe

    • Size

      952KB

    • MD5

      170576b92e1b5922fc1b66ffcfad19b0

    • SHA1

      7912d7719ee36a3ba8b9898429a1c2c13c8030ea

    • SHA256

      3a1f2b47c4111d3cabd636e09372f648dcd566be6111e0e7b719d69829c6039a

    • SHA512

      dbd40ce50cfbe66593689a7f7022e4bb0b6dec170e139399c15e7fdb13a33724a8cc99b8e10ff549f907ce5d345c8bab5472bffa12adc2e97ea400aa745c7d56

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5t:Rh+ZkldDPK8YaKjt

    Score
    10/10
    revengeratmarzo26discoverytrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks