General

  • Target: 9230f96ec8b5327f1fd67b5a91699000N.exe
  • Size: 951KB
  • Sample: 240813-fbxd4azcnp
  • MD5: 9230f96ec8b5327f1fd67b5a91699000
  • SHA1: abe1085b2fad69e8e97c006cd88611d308a74e92
  • SHA256: 87d1c98e140e9ff52078b66ec2380b9940a0b264e60ab5b65455cf98d07bcb0b
  • SHA512: 78fcd41aadb3a8055dbd719294b1dd10544d78894a595662b512c3d6aa703d355abad7ad3c2d9e3aa7b6b16122782c2cce6190b4e94bc839ba857dae20e20765
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5/:Rh+ZkldDPK8YaKj/

Malware Config

Extracted

Family: revengerat
Botnet: Marzo26
C2: marzorevenger.duckdns.org:4230
Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: 9230f96ec8b5327f1fd67b5a91699000N.exe
    • Size: 951KB
    • MD5: 9230f96ec8b5327f1fd67b5a91699000
    • SHA1: abe1085b2fad69e8e97c006cd88611d308a74e92
    • SHA256: 87d1c98e140e9ff52078b66ec2380b9940a0b264e60ab5b65455cf98d07bcb0b
    • SHA512: 78fcd41aadb3a8055dbd719294b1dd10544d78894a595662b512c3d6aa703d355abad7ad3c2d9e3aa7b6b16122782c2cce6190b4e94bc839ba857dae20e20765
    • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5/:Rh+ZkldDPK8YaKj/

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks