General

  • Target: d30ff7766084859f22546aca5b1932a42a0ad58df26e56c93a1081fee7112bd9
  • Size: 952KB
  • Sample: 240813-a5mtvsvepd
  • MD5: b2ac9181e76292c21ed85b66215c7e49
  • SHA1: 45fabd926afb669cdc05ee6e8b2d2b0a12fed156
  • SHA256: d30ff7766084859f22546aca5b1932a42a0ad58df26e56c93a1081fee7112bd9
  • SHA512: ff481de3dd44a3fec9263105dc79bcacf62359fdcb1e551e304292b030788e98a29dd3bfedd43f614b0ca1f60be871bcf37998288ac8a392851af9cf3ebbf437
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5b:Rh+ZkldDPK8YaKjb

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: d30ff7766084859f22546aca5b1932a42a0ad58df26e56c93a1081fee7112bd9
    • Size: 952KB
    • MD5: b2ac9181e76292c21ed85b66215c7e49
    • SHA1: 45fabd926afb669cdc05ee6e8b2d2b0a12fed156
    • SHA256: d30ff7766084859f22546aca5b1932a42a0ad58df26e56c93a1081fee7112bd9
    • SHA512: ff481de3dd44a3fec9263105dc79bcacf62359fdcb1e551e304292b030788e98a29dd3bfedd43f614b0ca1f60be871bcf37998288ac8a392851af9cf3ebbf437
    • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5b:Rh+ZkldDPK8YaKjb

    Signatures

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks