General

  • Target

    4924f7e800fe18026813adfc87ea4440N.exe

  • Size

    951KB

  • Sample

    240813-l6fmqaxejf

  • MD5

    4924f7e800fe18026813adfc87ea4440

  • SHA1

    6dc012c11ec9949eca8e5889902bb7275cd21263

  • SHA256

    69d0d2c69fde9fae23cfb0098bb7d6266a5988bfd3119a76e448c9aba0462fb1

  • SHA512

    4aa8d1c8df16851041bfdb16b33192bda6b7a44025f76a6e38bfa683af20a9e6c6dc16d32b1ca5c782b7cc7080b696d9c11de23b7827b151ba6d79be0f563cd9

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Q:Rh+ZkldDPK8YaKjQ

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      4924f7e800fe18026813adfc87ea4440N.exe

    • Size

      951KB

    • MD5

      4924f7e800fe18026813adfc87ea4440

    • SHA1

      6dc012c11ec9949eca8e5889902bb7275cd21263

    • SHA256

      69d0d2c69fde9fae23cfb0098bb7d6266a5988bfd3119a76e448c9aba0462fb1

    • SHA512

      4aa8d1c8df16851041bfdb16b33192bda6b7a44025f76a6e38bfa683af20a9e6c6dc16d32b1ca5c782b7cc7080b696d9c11de23b7827b151ba6d79be0f563cd9

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Q:Rh+ZkldDPK8YaKjQ

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks