General

  • Target: 98ee7a41cb964cac0504ab5b2badfcb5acaa3a9789232835093208c870ddf5ce
  • Size: 952KB
  • Sample: 240815-bq89zsxakg
  • MD5: 8076d9dbb6521c6ee56963f918ad09c3
  • SHA1: 8f368b8298ab366e2c29c9a5f901750705415c29
  • SHA256: 98ee7a41cb964cac0504ab5b2badfcb5acaa3a9789232835093208c870ddf5ce
  • SHA512: 1ac84de9e58655861e68a05a5d860413d34c2c980c5745f651619f7ef6e197708f20eacc25717368da45ee44c6215c6f88903fb5b3b646326af21dc0f54244c9
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5S:Rh+ZkldDPK8YaKjS

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT: remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks