General

  • Target

    91e24ba051951086c9a636d47376287d1f1ee1983aa2cdbcc897f2174c0a93da

  • Size

    952KB

  • Sample

    240815-a94ceawana

  • MD5

    48ad11a0f383d571925b4a319e0aa33a

  • SHA1

    40c28b66ec52ae2e4d39a950f33f6f53d7e90fbe

  • SHA256

    91e24ba051951086c9a636d47376287d1f1ee1983aa2cdbcc897f2174c0a93da

  • SHA512

    602faf8fadb4f8aa837eb425826b1c50b46c99704a343f64c922f4758af74eec219a8ab7446c69391ed1aae4d933fc7c28d6a1a82d2e660a05f552872d80735a

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5N:Rh+ZkldDPK8YaKjN

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks