General

  • Target

    9ee931faf53de455d64de05d76d697c0N.exe

  • Size

    951KB

  • Sample

    240813-leb58awake

  • MD5

    9ee931faf53de455d64de05d76d697c0

  • SHA1

    bc2d252057be9fa9613314157f2029ee3c811da8

  • SHA256

    2b32f3e4fe049872b1f7ec3b8a00d5caa6cb9b6a4378f470256e668a8c6a4325

  • SHA512

    c36559be70db27eb867ea35734fdb7e980da05b834218d12c31ee850182d99ec59bbb0e9df40e16557107e51a33d7e26bd1d408917e630f444e7798428bbbe58

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Q:Rh+ZkldDPK8YaKjQ

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      9ee931faf53de455d64de05d76d697c0N.exe

    • Size

      951KB

    • MD5

      9ee931faf53de455d64de05d76d697c0

    • SHA1

      bc2d252057be9fa9613314157f2029ee3c811da8

    • SHA256

      2b32f3e4fe049872b1f7ec3b8a00d5caa6cb9b6a4378f470256e668a8c6a4325

    • SHA512

      c36559be70db27eb867ea35734fdb7e980da05b834218d12c31ee850182d99ec59bbb0e9df40e16557107e51a33d7e26bd1d408917e630f444e7798428bbbe58

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Q:Rh+ZkldDPK8YaKjQ

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks