General

  • Target

    863537d07c2f2b4fb0991a866abbedc5cd63a511fc24cf5c662d09830d049776

  • Size

    904KB

  • Sample

    240815-anp8natgjf

  • MD5

    905b7cb3bf2b7eb22b61f1b5e64e7cc7

  • SHA1

    c13adfef431b0d835bf67827f4c58d37a5377e60

  • SHA256

    863537d07c2f2b4fb0991a866abbedc5cd63a511fc24cf5c662d09830d049776

  • SHA512

    4c68cdf73c8acf73a2a571ceaf5ffaac4ff67f09b914f2bbb62a03f7f32fc82926e1952c57911ad6e775048e8d7f5ec2836832e1db18e1e2e1a64bcc74e88767

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa51:gh+ZkldoPK8YaKG1

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn
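The extracted config is only useful once it is turned into something that fires on telemetry. The following is an added example, not part of the sandbox report or of any RevengeRAT tooling: it takes the C2 host, port and mutex from the config above, ranks them by how durable each one is (the duckdns.org host is dynamic DNS, so the resolved IP is not worth recording and the bare port is weak on its own), and runs them over a few constructed DNS, network and object-creation log lines. The `RV_MUTEX-` prefix match is an assumption that the prefix is shared across RevengeRAT builds while the suffix is per-build; it is ranked below the exact mutex for that reason.

```python
"""IOC matching for the RevengeRAT sample described in this report.

Added example, not code from the report or from any RAT tooling. The IOC
values come from the extracted config; every log line below is constructed.
"""
import re

# Indicators copied from the extracted config.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX = "RV_MUTEX-PiGGjjtnxDpn"

# Assumption: "RV_MUTEX-" is a family-wide prefix and only the suffix changes
# per build, so a prefix match catches sibling builds this report does not
# show. It is a weaker indicator than the exact mutex and is ranked as such.
MUTEX_PREFIX_RE = re.compile(r"\bRV_MUTEX-[A-Za-z0-9]+")

# The host is dynamic DNS, so only the port is visible in a connection record.
# A bare high port is a weak indicator; it is kept but ranked low.
C2_PORT_RE = re.compile(rf"dst=\S+:{C2_PORT}\b")

# Constructed log lines (not from the report): a DNS query, an outbound
# connection, two mutex-creation events as an EDR might print them, one benign.
SAMPLE_LOGS = [
    "2024-08-15T10:02:11Z dns query=marzorevenger.duckdns.org type=A src=10.0.0.7",
    "2024-08-15T10:02:12Z netconn proto=tcp dst=203.0.113.5:4230 src=10.0.0.7 pid=4412",
    "2024-08-15T10:02:13Z object=mutant name=\\BaseNamedObjects\\RV_MUTEX-PiGGjjtnxDpn pid=4412",
    "2024-08-15T10:02:14Z object=mutant name=\\BaseNamedObjects\\RV_MUTEX-ZZ9Plural pid=5100",
    "2024-08-15T10:02:15Z dns query=update.example.com type=A src=10.0.0.7",
]


def classify_line(line):
    """Return the (indicator, confidence) pairs that fire on one log line."""
    hits = []
    if C2_HOST in line.lower():
        # Hostname, not IP: dynamic DNS re-points the name at will.
        hits.append(("c2_host", "high"))
    if C2_PORT_RE.search(line):
        hits.append(("c2_port", "low"))
    if MUTEX in line:
        hits.append(("mutex_exact", "high"))
    elif MUTEX_PREFIX_RE.search(line):
        hits.append(("mutex_family_prefix", "medium"))
    return hits


def scan(lines):
    """Map line index -> hits for every line on which at least one IOC fires."""
    results = {}
    for i, line in enumerate(lines):
        hits = classify_line(line)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOGS).items():
        print(f"line {idx}: {hits}")
        print(f"    {SAMPLE_LOGS[idx]}")
```

Block the hostname at the resolver or proxy rather than the IP it resolved to in the sandbox run; the SHA256/SSDEEP values identify this exact build only, while the C2 host and mutex tie together any other dropper that carries the same config.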

Targets

    • Target

      863537d07c2f2b4fb0991a866abbedc5cd63a511fc24cf5c662d09830d049776

    • RevengeRAT

      RevengeRAT is a .NET remote-access trojan; the extracted config above gives this build's botnet ID (Marzo26), C2 endpoint and mutex.

    • Drops startup file

      Writes a file into a Startup location so the payload is launched again at logon (persistence).

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the usual way a loader redirects execution into injected code (process hollowing); expect the RAT to run inside a hollowed host process rather than as the dropped file itself.

MITRE ATT&CK Enterprise v15

Tasks