General

  • Target

    7235c131cad5d81aaf16cfceb78ec41ec1f03a621c1af65022b0ece7a5c51be8

  • Size

    952KB

  • Sample

    240814-267n7s1clc

  • MD5

    9eb67d972af2f7e90ff279b506c64d6f

  • SHA1

    6dd4c74d1b7d690076994f7f0711c8b8309add8f

  • SHA256

    7235c131cad5d81aaf16cfceb78ec41ec1f03a621c1af65022b0ece7a5c51be8

  • SHA512

    f81c590b7ae45c53ab3d496951f3d4d0b6bde0d2a4d870de01321c8496160147b4cc3a48d403d87ae883b863e4a120f7ce1c5f4750971bed50ed212fa604be5f

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5x:Rh+ZkldDPK8YaKjx

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      7235c131cad5d81aaf16cfceb78ec41ec1f03a621c1af65022b0ece7a5c51be8

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities. The C2 host and port, botnet ID and mutex listed under "Malware Config" are the configuration extracted from this sample and are its most specific network and host indicators.

    • Drops startup file

      Writes a file into a Startup folder so it is launched again at logon; a common persistence mechanism.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables. Here the compiled AutoIt binary is the outer layer around the extracted RevengeRAT configuration.

    • Suspicious use of SetThreadContext

      SetThreadContext is used by process hollowing and other injection loaders to point a suspended thread at injected code. Together with the AutoIt wrapper this is consistent with the script injecting the RAT payload into another process, though the report itself does not name the target process.
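The configuration above (C2 `marzorevenger.duckdns.org:4230`, mutex `RV_MUTEX-PiGGjjtnxDpn`) and the file hashes in "General" are the actionable output of this report. The following is an added example, not part of the Triage report and not code from the sample: it verifies that a retrieved file matches the reported hashes before analysis, then runs the extracted indicators over constructed Sysmon-style events (event 22 DNS query, event 3 network connection) and a constructed list of mutex names. The correlation rule (a process that resolved the C2 host and then connected on the C2 port is scored high; the port alone is low) and the `RV_MUTEX-` prefix pattern for other builds of the family are assumptions of this example; the event data is constructed.

```python
"""Added example: check a candidate file against the report's hashes and
match the extracted RevengeRAT config against constructed telemetry.
Indicators come from the report; events, mutex list and rules are assumed."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "9eb67d972af2f7e90ff279b506c64d6f",
    "sha1": "6dd4c74d1b7d690076994f7f0711c8b8309add8f",
    "sha256": "7235c131cad5d81aaf16cfceb78ec41ec1f03a621c1af65022b0ece7a5c51be8",
}
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX = "RV_MUTEX-PiGGjjtnxDpn"
# Assumption: other RevengeRAT builds keep the "RV_MUTEX-" prefix with a random suffix.
MUTEX_RE = re.compile(r"^RV_MUTEX-[A-Za-z0-9]{8,}$")


def hashes_of(data: bytes) -> Dict[str, str]:
    """Hex digests in the same algorithms the report lists (SSDEEP omitted)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match, so a single wrong/absent digest is visible."""
    got = hashes_of(data)
    return {alg: got[alg] == digest.lower() for alg, digest in expected.items()}


@dataclass
class Hit:
    kind: str        # "dns", "netconn" or "mutex"
    detail: str
    confidence: str  # "high", "medium" or "low"


def scan_events(events: List[dict]) -> List[Hit]:
    """Walk Sysmon-style events in order, correlating DNS and connections by process."""
    hits: List[Hit] = []
    resolved_by = set()  # images that resolved the C2 hostname earlier in the stream
    for ev in events:
        image = ev.get("Image", "").lower()
        if ev["EventID"] == 22 and ev["QueryName"].rstrip(".").lower() == C2_HOST:
            resolved_by.add(image)
            hits.append(Hit("dns", f"{ev['Image']} -> {C2_HOST}", "high"))
        elif ev["EventID"] == 3 and int(ev["DestinationPort"]) == C2_PORT:
            # Port alone is weak evidence; the same process having resolved the C2 host is not.
            conf = "high" if image in resolved_by else "low"
            hits.append(Hit("netconn", f"{ev['Image']} -> {ev['DestinationIp']}:{C2_PORT}", conf))
    return hits


def scan_mutexes(names: List[str]) -> List[Hit]:
    """Exact mutex from the report scores high; the family-style prefix scores medium."""
    out: List[Hit] = []
    for n in names:
        bare = n.split("\\")[-1]  # strip a Global\ or Local\ namespace prefix
        if bare == MUTEX:
            out.append(Hit("mutex", n, "high"))
        elif MUTEX_RE.match(bare):
            out.append(Hit("mutex", n, "medium"))
    return out


# Constructed telemetry for illustration (not from the report).
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": r"C:\Users\victim\AppData\Roaming\update.exe", "QueryName": "marzorevenger.duckdns.org"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\update.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 4230},
    {"EventID": 3, "Image": r"C:\Program Files\Backup\agent.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 4230},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe", "QueryName": "example.com"},
]
SAMPLE_MUTEXES = ["Global\\RV_MUTEX-PiGGjjtnxDpn", "RV_MUTEX-AbCdEfGh1234", "Local\\ZonesCacheCounterMutex"]


def run_sample() -> Dict[str, int]:
    """Summarise hits by confidence for the constructed data."""
    hits = scan_events(SAMPLE_EVENTS) + scan_mutexes(SAMPLE_MUTEXES)
    summary = {"high": 0, "medium": 0, "low": 0}
    for h in hits:
        summary[h.confidence] += 1
    return summary


if __name__ == "__main__":
    print(verify_hashes(b"not the real sample", REPORT_HASHES))
    for h in scan_events(SAMPLE_EVENTS) + scan_mutexes(SAMPLE_MUTEXES):
        print(f"[{h.confidence:6}] {h.kind}: {h.detail}")
```

Run `verify_hashes` on the bytes you actually pulled from a sandbox or quarantine before trusting any of the behaviour listed here; a mismatch usually means a different build with a different C2 and mutex. The low-confidence port-only hit is deliberately kept in the output so an analyst can decide whether the second process deserves a look rather than having it filtered silently.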

MITRE ATT&CK Enterprise v15

Tasks