General

  • Target

    c2ed26795ba777c338ac3af6201dfd6b7a0338a083b26ce4537bae5a304ede54

  • Size

    903KB

  • Sample

    240811-cj2r1azejm

  • MD5

    5895d362cd380f2c87bead5a6909d1a7

  • SHA1

    88cc632af002640f76c9932e5268cdf28a647f31

  • SHA256

    c2ed26795ba777c338ac3af6201dfd6b7a0338a083b26ce4537bae5a304ede54

  • SHA512

    034ec8fa65cce484a21ea102cc117671d2bc0e2fe2f01ff5095fd4995ba52131eb009ff826577d5ff80057ea1286d40b543a0f757c7eed9d138dd4d257af905e

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5Y:gh+ZkldoPK8YaKGY

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      c2ed26795ba777c338ac3af6201dfd6b7a0338a083b26ce4537bae5a304ede54

    • Size

      903KB

    • MD5

      5895d362cd380f2c87bead5a6909d1a7

    • SHA1

      88cc632af002640f76c9932e5268cdf28a647f31

    • SHA256

      c2ed26795ba777c338ac3af6201dfd6b7a0338a083b26ce4537bae5a304ede54

    • SHA512

      034ec8fa65cce484a21ea102cc117671d2bc0e2fe2f01ff5095fd4995ba52131eb009ff826577d5ff80057ea1286d40b543a0f757c7eed9d138dd4d257af905e

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5Y:gh+ZkldoPK8YaKGY

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks