General

  • Target

    b790bca76501f3491c7b0c25c7bca660N.exe

  • Size

    952KB

  • Sample

    240815-dwzc3ssbpd

  • MD5

    b790bca76501f3491c7b0c25c7bca660

  • SHA1

    50606f7d29203d52563a374a418feea4c7039cfd

  • SHA256

    7c8296cc01dc0785d28acbb53ecfd6c5ae06784cee028d743a6c724819f35579

  • SHA512

    a7f2613d53877b764f4d6de9ecf062980bf95d816ea77b9a5a9645ce5a0a0b82a5784513df43df59ff4142454707507d629efdfbc1001eb1ec80966123bbaa4f

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5X:Rh+ZkldDPK8YaKjX

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks