General

  • Target

    d11a22f2e86e59fc6ae40be5a40a17bd122a1434712ba3310004c38e5bd21eaa

  • Size

    904KB

  • Sample

    240813-a3d4yavdmd

  • MD5

    9eba9652b339ef3c47d2129f325bef08

  • SHA1

    4d6cc229f63f44d6f4fc03c18dc5acc4fc3e2f92

  • SHA256

    d11a22f2e86e59fc6ae40be5a40a17bd122a1434712ba3310004c38e5bd21eaa

  • SHA512

    e31fcbd4a3be8e0efea3ba24d4466b3a0f2882d31a01e6974f35819f1c7c1a41e70111cb04880f151a1270106bf7e16535d7a65f5c65c44e122592d197b4ff75

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5/:gh+ZkldoPK8YaKG/

Malware Config

  • Extracted

    • Family

      revengerat

    • Botnet

      Marzo26

    • C2

      marzorevenger.duckdns.org:4230

    • Mutex

      RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      d11a22f2e86e59fc6ae40be5a40a17bd122a1434712ba3310004c38e5bd21eaa

    • Size

      904KB

    • MD5

      9eba9652b339ef3c47d2129f325bef08

    • SHA1

      4d6cc229f63f44d6f4fc03c18dc5acc4fc3e2f92

    • SHA256

      d11a22f2e86e59fc6ae40be5a40a17bd122a1434712ba3310004c38e5bd21eaa

    • SHA512

      e31fcbd4a3be8e0efea3ba24d4466b3a0f2882d31a01e6974f35819f1c7c1a41e70111cb04880f151a1270106bf7e16535d7a65f5c65c44e122592d197b4ff75

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5/:gh+ZkldoPK8YaKG/

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
