General

  • Target

    dbe38d060d52d190bcb965fccf69a126e4ecf9b6de9b99c52b7b5d8ab842cc16

  • Size

    904KB

  • Sample

    240813-be46wswbpd

  • MD5

    83f0c8af846aa927139ccebfff494c58

  • SHA1

    9822db0b6af64936043c867cb80740b3ce4c4651

  • SHA256

    dbe38d060d52d190bcb965fccf69a126e4ecf9b6de9b99c52b7b5d8ab842cc16

  • SHA512

    f6bfd72aa790b7c639760799b50fe8a99f84e43b32c4b7751793af1fad311b5d2bd70923d51f255f3d77661ab2d5fed27dc36e4ad8a9087faf2d8b6e2c2f51d0

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5B:gh+ZkldoPK8YaKGB

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks