General

  • Target

    faf8eb5385f983f5d138a581d83c9180N.exe

  • Size

    952KB

  • Sample

    240814-jbxxeavcrq

  • MD5

    faf8eb5385f983f5d138a581d83c9180

  • SHA1

    c9f942f0709341fb550de62447bc1985941176e2

  • SHA256

    9418ef6de5152b0fbb6c979f42a733799f3351fa61c18391786e5ea12acfb1d6

  • SHA512

    8f7aa3ccd45c09c2442924a377ab91dfdcf75d95f30c779ec4225cf12638f2734cf3ec9b588a7929f77c1c6017c4e8ffff5a1ac848065ec37dceb5e5e376d745

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5N:Rh+ZkldDPK8YaKjN

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks