General

  • Target: 47b5bf99449d70776504bedab56e0b60N.exe
  • Size: 952KB
  • Sample: 240807-cf7h3s1fme
  • MD5: 47b5bf99449d70776504bedab56e0b60
  • SHA1: fa192db0656e494b5cbaa3a7743b237005ff8ee3
  • SHA256: fcba6a65284de4e1014d6c5228f594dc013e08bc02565927b272b5b04bd1a5b0
  • SHA512: 8f216c0a9990aa5367f0d1a076d50480f739c87cb93d904fbf4cec5703e562b99339253248f3cdca000fd252089f38bd10a933a2eb1cd1b3593215cca9c9dbba
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5F:Rh+ZkldDPK8YaKjF

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: 47b5bf99449d70776504bedab56e0b60N.exe
    • Size: 952KB

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks