General

  • Target

    e843af160e3a1355128dad2bc8834f30N.exe

  • Size

    904KB

  • Sample

    240813-n9s4bssdme

  • MD5

    e843af160e3a1355128dad2bc8834f30

  • SHA1

    98e5515b2d6598e77c487c0ffdbdc5948994c955

  • SHA256

    4ea63571b20358b9899f70bf5bbb18a5fd1f156f17f39b455efcb77d3855a441

  • SHA512

    5b0c0e5a8b0ce492960aaa231f8ce9418066a6b3086ddd957ba7e05e1a74806fbd56a31c7884bdb084ae971101c904e09c5b4dabe3b54a0d6813a86590d33353

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa57:gh+ZkldoPK8YaKG7

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn
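The values in the extracted config (C2 host and port, mutex) together with the file hashes above are the indicators a responder actually pivots on. What follows is an added example, not code from the sandbox or from the RevengeRAT report itself: it turns those indicators into a small matcher and runs it over constructed telemetry. The `key=value` event lines and the mutex listing are a made-up format, the IP addresses are documentation ranges, the rule that other RevengeRAT builds share the `RV_MUTEX-` prefix is an assumption marked in the code, and the hash check returns no match because the sample bytes are not embedded here.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List

# Indicators copied from the extracted config and the hash table above.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX = "RV_MUTEX-PiGGjjtnxDpn"
FILE_HASHES = {
    "md5": "e843af160e3a1355128dad2bc8834f30",
    "sha1": "98e5515b2d6598e77c487c0ffdbdc5948994c955",
    "sha256": "4ea63571b20358b9899f70bf5bbb18a5fd1f156f17f39b455efcb77d3855a441",
}

# Assumption, not stated in the report: other RevengeRAT builds keep the
# "RV_MUTEX-" prefix and only vary the random suffix, so a prefix match is
# reported at lower confidence than the exact mutex from this sample.
MUTEX_FAMILY_RE = re.compile(r"^RV_MUTEX-[A-Za-z0-9]{8,}$")


@dataclass(frozen=True)
class Hit:
    kind: str        # c2_dns | c2_conn | mutex_exact | mutex_family | hash
    value: str       # the indicator that matched
    source: str      # telemetry line (or label) it was seen in
    confidence: str  # high | medium | low


def parse_event(line: str) -> dict:
    """Parse one 'key=value key=value' telemetry line (a constructed format)."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_network(lines: Iterable[str]) -> List[Hit]:
    """Flag DNS lookups of the C2 name, then TCP connects to port 4230.

    The report gives a hostname on dynamic DNS and no fixed IP, so the IP is
    learned from the DNS answer and paired with later connects; a connect to
    port 4230 without a preceding C2 lookup is only a low-confidence hit.
    """
    hits: List[Hit] = []
    resolved = set()
    for line in lines:
        ev = parse_event(line)
        if ev.get("type") == "dns" and ev.get("query", "").lower() == C2_HOST:
            hits.append(Hit("c2_dns", C2_HOST, line, "high"))
            if "answer" in ev:
                resolved.add(ev["answer"])
        elif ev.get("type") == "netconn" and ev.get("dport") == str(C2_PORT):
            dst = ev.get("dst", "?")
            conf = "high" if dst in resolved else "low"
            hits.append(Hit("c2_conn", f"{dst}:{C2_PORT}", line, conf))
    return hits


def match_mutexes(names: Iterable[str]) -> List[Hit]:
    """Match live mutex names (e.g. from a handle listing) against the sample."""
    hits: List[Hit] = []
    for name in names:
        if name == MUTEX:
            hits.append(Hit("mutex_exact", name, name, "high"))
        elif MUTEX_FAMILY_RE.match(name):
            hits.append(Hit("mutex_family", name, name, "medium"))
    return hits


def hash_bytes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of a blob, keyed like FILE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in FILE_HASHES}


def match_sample(data: bytes, label: str = "<bytes>") -> List[Hit]:
    """Report every digest of `data` that equals one of the report's hashes."""
    digests = hash_bytes(data)
    return [Hit("hash", f"{alg}:{digests[alg]}", label, "high")
            for alg in FILE_HASHES if digests[alg] == FILE_HASHES[alg]]


# Constructed telemetry for the demo; the IPs are documentation ranges.
SAMPLE_EVENTS = [
    "ts=2024-08-13T10:00:01Z host=ws01 type=dns query=marzorevenger.duckdns.org answer=203.0.113.5",
    "ts=2024-08-13T10:00:02Z host=ws01 type=netconn dst=203.0.113.5 dport=4230 proto=tcp",
    "ts=2024-08-13T10:00:03Z host=ws01 type=dns query=update.example.com answer=198.51.100.7",
    "ts=2024-08-13T10:00:04Z host=ws01 type=netconn dst=198.51.100.7 dport=443 proto=tcp",
    "ts=2024-08-13T10:00:05Z host=ws02 type=netconn dst=192.0.2.9 dport=4230 proto=tcp",
]
SAMPLE_MUTEXES = [
    "Global\\SomeVendorUpdater",
    "RV_MUTEX-PiGGjjtnxDpn",     # exact value from the extracted config
    "RV_MUTEX-Ab12Cd34Ef56",     # constructed: same prefix, different build
    "Sessions\\1\\BaseNamedObjects\\foo",
]

if __name__ == "__main__":
    for hit in match_network(SAMPLE_EVENTS) + match_mutexes(SAMPLE_MUTEXES):
        print(f"[{hit.confidence:6}] {hit.kind:12} {hit.value}  <- {hit.source}")
    # No sample bytes are embedded here, so this is [] for any test blob.
    print(match_sample(b"not the sample"))
```

Because the C2 sits on duckdns.org, a dynamic DNS service, the hostname is the durable indicator and the resolved address may change between runs; that is why the matcher keys on the query name and only borrows the IP from the answer to rate later connects. Port 4230 by itself is a weak signal and is deliberately reported at low confidence.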

Targets

    • Target

      e843af160e3a1355128dad2bc8834f30N.exe

    • Size

      904KB

    • MD5

      e843af160e3a1355128dad2bc8834f30

    • SHA1

      98e5515b2d6598e77c487c0ffdbdc5948994c955

    • SHA256

      4ea63571b20358b9899f70bf5bbb18a5fd1f156f17f39b455efcb77d3855a441

    • SHA512

      5b0c0e5a8b0ce492960aaa231f8ce9418066a6b3086ddd957ba7e05e1a74806fbd56a31c7884bdb084ae971101c904e09c5b4dabe3b54a0d6813a86590d33353

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa57:gh+ZkldoPK8YaKG7

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities. The extracted config above is its build configuration: a campaign/botnet ID (Marzo26), the C2 host and port it beacons to, and the mutex it creates on start (RV_MUTEX-PiGGjjtnxDpn).

    • Drops startup file

      Writes a file into a Startup folder so it is launched again at logon (persistence); the report does not give the dropped path.

    • Suspicious use of SetThreadContext

      Calls SetThreadContext, typically to point a suspended thread in another process at injected code (process hollowing / injection); the sandbox flags the API call, not which process received the payload.

MITRE ATT&CK Enterprise v15

Tasks