General

  • Target

    417a95b4f266296ea1f38ad63d3563d0N.exe

  • Size

    903KB

  • Sample

    240814-18cq6syclg

  • MD5

    417a95b4f266296ea1f38ad63d3563d0

  • SHA1

    74c98879f4d944ad94717202cd020c3e474ded06

  • SHA256

    5c4525216c91f4a4585791f5360a531e297ce9f0c0022c6ef663c9b8a01c5843

  • SHA512

    a550129097a7699383c53e2106334e55f58110a2bdbd9e956205a9bfd406bb260c8489a7135b98490c999e1f4bf306f9d15143199a9779843e48ca3ceb8dcf55

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5d:gh+ZkldoPK8YaKGd

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      417a95b4f266296ea1f38ad63d3563d0N.exe

    • Size

      903KB

    • MD5

      417a95b4f266296ea1f38ad63d3563d0

    • SHA1

      74c98879f4d944ad94717202cd020c3e474ded06

    • SHA256

      5c4525216c91f4a4585791f5360a531e297ce9f0c0022c6ef663c9b8a01c5843

    • SHA512

      a550129097a7699383c53e2106334e55f58110a2bdbd9e956205a9bfd406bb260c8489a7135b98490c999e1f4bf306f9d15143199a9779843e48ca3ceb8dcf55

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5d:gh+ZkldoPK8YaKGd

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities. The botnet ID, C2 host and port, and mutex name listed under Malware Config are what the family's config extractor pulled from this sample.

    • Drops startup file (a file written into a Startup folder, which runs it at every logon; the usual persistence mechanism behind this signature)

    • Suspicious use of SetThreadContext (a call pattern commonly seen in process hollowing and other thread-hijacking injection; the signature alone does not say which process was targeted)
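
The extracted config and the two behavioural signatures above are the indicators a defender would actually hunt with. The following Python script is an added example, not part of the sandbox report: it carries the report's four file digests, the C2 host and port, and the mutex name, generalises the mutex to an RV_MUTEX- prefix pattern (an assumption that RevengeRAT keeps that prefix and only varies the suffix per build), derives a Startup-folder path check from the "Drops startup file" signature, and runs all of them over a few constructed log lines. The log lines, the function names and the confidence labels are illustrative and not from the sandbox run.

```python
import hashlib
import re
from typing import Iterable

# Indicators copied from the report above.
FILE_HASHES = {
    "md5": "417a95b4f266296ea1f38ad63d3563d0",
    "sha1": "74c98879f4d944ad94717202cd020c3e474ded06",
    "sha256": "5c4525216c91f4a4585791f5360a531e297ce9f0c0022c6ef663c9b8a01c5843",
    "sha512": "a550129097a7699383c53e2106334e55f58110a2bdbd9e956205a9bfd406bb260c8489a7135b98490c999e1f4bf306f9d15143199a9779843e48ca3ceb8dcf55",
}
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX = "RV_MUTEX-PiGGjjtnxDpn"

# Family-level pattern (assumption: the RV_MUTEX- prefix is stable across builds and
# only the suffix changes), so a rebuilt sample still fires, at lower confidence.
MUTEX_FAMILY_RE = re.compile(r"RV_MUTEX-[A-Za-z0-9]+")
# Persistence location behind the "Drops startup file" signature.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# C2 host with an optional :port; the port distinguishes the C2 socket from a bare lookup.
C2_RE = re.compile(re.escape(C2_HOST) + r"(?::(\d+))?", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed like FILE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in FILE_HASHES}


def is_reported_sample(data: bytes) -> bool:
    """True only if every digest matches the report; one mismatch means a different file."""
    return hash_bytes(data) == FILE_HASHES


def scan_line(line: str) -> list:
    """Return (indicator, confidence) pairs found in one log line."""
    hits = []
    if MUTEX in line:
        hits.append(("mutex:exact", "high"))
    elif MUTEX_FAMILY_RE.search(line):
        hits.append(("mutex:family", "medium"))
    m = C2_RE.search(line)
    if m:
        if m.group(1) == str(C2_PORT):
            hits.append(("c2:host+port", "high"))
        else:
            hits.append(("c2:host", "medium"))
    if STARTUP_DIR_RE.search(line):
        hits.append(("persistence:startup_folder", "low"))
    return hits


def scan_logs(lines: Iterable[str]) -> list:
    """Return [(line_no, line, hits)] for every line with at least one hit."""
    out = []
    for n, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            out.append((n, line, hits))
    return out


# Constructed sample telemetry (DNS, socket, object and file events); not from the sandbox.
SAMPLE_LOG = [
    "2024-08-14T10:01:02Z dns query=update.microsoft.com type=A",
    "2024-08-14T10:01:05Z dns query=marzorevenger.duckdns.org type=A",
    "2024-08-14T10:01:06Z net connect dst=marzorevenger.duckdns.org:4230 proto=tcp pid=4812",
    "2024-08-14T10:01:06Z obj CreateMutant name=\\Sessions\\1\\BaseNamedObjects\\RV_MUTEX-PiGGjjtnxDpn pid=4812",
    "2024-08-14T10:01:07Z file create path=C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svc.exe pid=4812",
    "2024-08-14T11:30:00Z obj CreateMutant name=\\BaseNamedObjects\\RV_MUTEX-zz9Q1 pid=2200",
    "2024-08-14T11:31:00Z obj CreateMutant name=\\BaseNamedObjects\\Local\\ZonesCounterMutex pid=900",
]

if __name__ == "__main__":
    for n, line, hits in scan_logs(SAMPLE_LOG):
        print(n, hits, "|", line)
```

The Startup-folder check is deliberately low confidence because legitimate installers write there too; it is useful mainly when it co-occurs with a mutex or C2 hit from the same pid, as in the constructed lines above. A DuckDNS host can be re-pointed at any time, so the host:port pair is the indicator to alert on, while the bare hostname lookup is worth a medium-confidence flag.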

MITRE ATT&CK Enterprise v15

Tasks