General

  • Target

    86766f31720b141416f36b26a65deeb0N.exe

  • Size

    951KB

  • Sample

    240813-vef9lsvfnd

  • MD5

    86766f31720b141416f36b26a65deeb0

  • SHA1

    d24d5532cbb8f09e23b0adc1da77a0b243a34652

  • SHA256

    1dd59adae92167294d93a5dd548d2f19a9334b4b71b3af5288af82682b4a15a8

  • SHA512

    136ad4f0b70753dd6217155cc7c638086965d9b3e2249e047fd95a63f8715a48b5db999e58f5812e33b6db766e88613de0df5b524a1d94c4683fe13fcd06f32b

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5d:Rh+ZkldDPK8YaKjd

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks