General

  • Target

    5c5d2c0bc628dce7c2a617ab24293c1cb540dcaabdd55df419b86c566ff23f4f

  • Size

    904KB

  • Sample

    240814-16wfhaybng

  • MD5

    b3a7a6da3f4008e520dbae138d9cd2c7

  • SHA1

    c9dbdb31a91feff7d3bb3c544844437742feef37

  • SHA256

    5c5d2c0bc628dce7c2a617ab24293c1cb540dcaabdd55df419b86c566ff23f4f

  • SHA512

    81f36709d45d3eef0e9fb1e7a69945e910d7524b7a17d3430290f6d23847a20552af2b17663e6ba9db790384350b52d7bf621236e7f7440a30362e5de081fdce

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa56:gh+ZkldoPK8YaKG6

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks