General

  • Target: c511b1c072c5724438d1585340b00380N.exe
  • Size: 952KB
  • Sample: 240815-akpgysyfrq
  • MD5: c511b1c072c5724438d1585340b00380
  • SHA1: 538ad334a28d19f14c399d7a001e4884ceaba422
  • SHA256: 73deff9bb425259fc9c6b6bd261d0848315a410ab051205d7ccae8a74a949792
  • SHA512: 36cf7415b3e19c99cc0f877ad08b3d6c1e3de31f069d0f50165926c2a602120cfe122eb9efda0a4ef2122a2f1923e3fbbf629b66bf7346c4fbdb1ccd21030796
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5T:Rh+ZkldDPK8YaKjT

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: c511b1c072c5724438d1585340b00380N.exe

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks