General

  • Target

    053d34daddd31baa15adcb049da9dab0N.exe

  • Size

    951KB

  • Sample

    240813-pbp5fsselc

  • MD5

    053d34daddd31baa15adcb049da9dab0

  • SHA1

    6bc84a0842ba30ed680d99246b0d18d270833f69

  • SHA256

    4a0b5e28393f0458ed6b0d673f558f76a602a462f2f69ee1f01bc90e4a6a2a59

  • SHA512

    4341197b2f017d6901fc0ac42025265f0c70564f08141eebcdfe70003b13015f5384d520f8db8f3dc868c604120a9482520dfc29aedb131a0a75e9c91d9e8606

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5z:Rh+ZkldDPK8YaKjz

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      053d34daddd31baa15adcb049da9dab0N.exe

    • Size

      951KB

    • MD5

      053d34daddd31baa15adcb049da9dab0

    • SHA1

      6bc84a0842ba30ed680d99246b0d18d270833f69

    • SHA256

      4a0b5e28393f0458ed6b0d673f558f76a602a462f2f69ee1f01bc90e4a6a2a59

    • SHA512

      4341197b2f017d6901fc0ac42025265f0c70564f08141eebcdfe70003b13015f5384d520f8db8f3dc868c604120a9482520dfc29aedb131a0a75e9c91d9e8606

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5z:Rh+ZkldDPK8YaKjz

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks