General

  • Target: a1e66af965c5a5db364cc915a32491f0N.exe
  • Size: 904KB
  • Sample: 240815-ccad6sycpe
  • MD5: a1e66af965c5a5db364cc915a32491f0
  • SHA1: 0d7b401353b9b3b61df7651fe6be590eff5ae1d4
  • SHA256: 65599952805bc504de490e1b7615815bb71fe7573484a1bd6f719b239e830d12
  • SHA512: fa9d2d13400ff726fa8ff911068c6eea72ef51365eb993b3f942995078d910ce255f050c6b07ec4335ef4a200a3d0a6c875cab57d64504a10894dd628cdd3e93
  • SSDEEP: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5y:gh+ZkldoPK8YaKGy

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: a1e66af965c5a5db364cc915a32491f0N.exe
    • Size: 904KB
    • MD5: a1e66af965c5a5db364cc915a32491f0
    • SHA1: 0d7b401353b9b3b61df7651fe6be590eff5ae1d4
    • SHA256: 65599952805bc504de490e1b7615815bb71fe7573484a1bd6f719b239e830d12
    • SHA512: fa9d2d13400ff726fa8ff911068c6eea72ef51365eb993b3f942995078d910ce255f050c6b07ec4335ef4a200a3d0a6c875cab57d64504a10894dd628cdd3e93
    • SSDEEP: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5y:gh+ZkldoPK8YaKGy
    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks