General

  • Target

    60259c328533ef8fb959d96b61b47ef0N.exe

  • Size

    951KB

  • Sample

    240814-hqe5gaydra

  • MD5

    60259c328533ef8fb959d96b61b47ef0

  • SHA1

    ae74a07999226ccbc153c71d9c0a64eec71943ae

  • SHA256

    47fd9bde884a32ba5273af130b52e21e8710f555ecf32433f66c1b0132a7aeb2

  • SHA512

    9fa7f04043a3de77b13bb050700c5c1f7a70a8ac9c96ba31d1fe7f85d66af59c90c3c893c4ec142f79ae5c5f1277ec7b026ac2ce1962d995a86cdaf1e33dbb1b

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5b:Rh+ZkldDPK8YaKjb

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      60259c328533ef8fb959d96b61b47ef0N.exe

    • Size

      951KB

    • MD5

      60259c328533ef8fb959d96b61b47ef0

    • SHA1

      ae74a07999226ccbc153c71d9c0a64eec71943ae

    • SHA256

      47fd9bde884a32ba5273af130b52e21e8710f555ecf32433f66c1b0132a7aeb2

    • SHA512

      9fa7f04043a3de77b13bb050700c5c1f7a70a8ac9c96ba31d1fe7f85d66af59c90c3c893c4ec142f79ae5c5f1277ec7b026ac2ce1962d995a86cdaf1e33dbb1b

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5b:Rh+ZkldDPK8YaKjb

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks