General

  • Target

    00b94ed015455485ae3f6563ee3be970N.exe

  • Size

    903KB

  • Sample

    240813-jv3a8ssbra

  • MD5

    00b94ed015455485ae3f6563ee3be970

  • SHA1

    6266f8e40ae7206b3b6f7b9e94e6c128f8df31b6

  • SHA256

    46a0498c366328b8e0a19e31d7bb226a1f98f4d1242399aee088e997e64c298b

  • SHA512

    d607b007bb885bd27a8ce6a94358ecfcd3bb4a78be11b054dca511c5a85f86614a7c1e9449d740c2ed7f5c04165a652bce331ee8b35adea00cf717dacf0882f0

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5d:gh+ZkldoPK8YaKGd

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      00b94ed015455485ae3f6563ee3be970N.exe

    • RevengeRAT

      Remote-access trojan written for .NET, offering remote shell, file management and keylogging-style capabilities. The family, botnet ID, C2 endpoint and mutex listed under Malware Config above were extracted from this sample; the "RV_MUTEX-" prefix is characteristic of the family, and the C2 is a dynamic-DNS (duckdns.org) host on a non-standard port.

    • Drops startup file

      Writes a file into a Startup folder, a persistence mechanism that re-executes the payload at logon.

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is the call used by process hollowing / RunPE loaders to redirect a suspended process to injected code.
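
The script below is an added example, not part of the sandbox report and not RevengeRAT's own code. It turns the extracted configuration above (family, C2 host:port, mutex) into indicators and runs them over a handful of constructed sandbox-style event lines that mirror the three signatures listed (mutex creation, DNS lookup and connection to the C2, a write into a Startup folder, and a SetThreadContext call). The key=value event format, the dynamic-DNS suffix list, the PID, the RFC 5737 IP address, the second mutex value and the file path are all constructed for the example.

```python
import re

# Configuration fields as extracted in the report above.
EXTRACTED_CONFIG = {
    "family": "revengerat",
    "botnet": "Marzo26",
    "c2": "marzorevenger.duckdns.org:4230",
    "mutex": "RV_MUTEX-PiGGjjtnxDpn",
}

# Assumption: an illustrative list of dynamic-DNS suffixes; extend it for your environment.
DYNDNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net")

# RevengeRAT mutexes carry a fixed "RV_MUTEX-" prefix followed by a per-build token.
MUTEX_PATTERN = re.compile(r"^RV_MUTEX-[A-Za-z0-9]+$")

# Constructed event format: space-separated key=value pairs, value quoted when it contains spaces.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_c2(c2):
    """Split 'host:port' into (host, port); rejects malformed values instead of guessing."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 value: {c2!r}")
    return host.lower(), int(port)


def build_indicators(cfg):
    """Derive matchable indicators from an extracted config dict."""
    host, port = parse_c2(cfg["c2"])
    return {
        "c2_host": host,
        "c2_port": port,
        "mutex": cfg["mutex"],
        "uses_dyndns": host.endswith(DYNDNS_SUFFIXES),
        "mutex_matches_family": bool(MUTEX_PATTERN.match(cfg["mutex"])),
    }


def parse_event(line):
    """Parse one key=value event line into a dict (quoted values keep their spaces)."""
    return {k: q or u for k, q, u in KV.findall(line)}


def scan_events(events, cfg=EXTRACTED_CONFIG):
    """Return (rule, line) pairs for every event that matches an indicator."""
    ioc = build_indicators(cfg)
    hits = []
    for line in events:
        ev = parse_event(line)
        kind = ev.get("event")
        if kind == "CreateMutex":
            name = ev.get("name", "")
            if name == ioc["mutex"]:
                hits.append(("revengerat_config_mutex", line))   # this exact build
            elif MUTEX_PATTERN.match(name):
                hits.append(("revengerat_mutex_prefix", line))   # any RevengeRAT build
        elif kind == "DnsQuery":
            name = ev.get("name", "").lower()
            if name == ioc["c2_host"]:
                hits.append(("c2_dns_lookup", line))
            elif name.endswith(DYNDNS_SUFFIXES):
                hits.append(("dyndns_lookup", line))              # weaker, generic signal
        elif kind == "NetConnect":
            # Require both the configured port and the resolved host to avoid port-only noise.
            if ev.get("dport") == str(ioc["c2_port"]) and ev.get("host", "").lower() == ioc["c2_host"]:
                hits.append(("c2_connect", line))
        elif kind == "FileWrite":
            if "\\startup\\" in ev.get("path", "").lower():
                hits.append(("startup_folder_drop", line))
        elif kind == "ApiCall" and ev.get("name") == "SetThreadContext":
            hits.append(("setthreadcontext", line))
    return hits


# Constructed sample events (not real sandbox output).
SAMPLE_EVENTS = [
    "event=CreateMutex name=RV_MUTEX-PiGGjjtnxDpn pid=4120",
    "event=CreateMutex name=RV_MUTEX-Qz8kLmNp2ab pid=4120",
    r"event=CreateMutex name=Global\SomeBenignMutex pid=4120",
    "event=DnsQuery name=marzorevenger.duckdns.org pid=4120",
    "event=DnsQuery name=www.example.com pid=4120",
    "event=NetConnect dst=203.0.113.5 dport=4230 host=marzorevenger.duckdns.org pid=4120",
    r'event=FileWrite path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe" pid=4120',
    "event=ApiCall name=SetThreadContext target_pid=5244 pid=4120",
]

if __name__ == "__main__":
    for rule, line in scan_events(SAMPLE_EVENTS):
        print(f"{rule:24s} {line}")
```

The exact-mutex and C2-host rules pin this particular build; the prefix rule and the dynamic-DNS rule are the generic, lower-confidence versions that will also catch other RevengeRAT builds and other commodity RATs using the same infrastructure pattern, so they belong in a hunting query rather than a blocking rule.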

MITRE ATT&CK Enterprise v15

Tasks