Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    665e04f3a149df8623942eb1107d9b80N.exe

  • Size

    903KB

  • Sample

    240815-nb29cazamg

  • MD5

    665e04f3a149df8623942eb1107d9b80

  • SHA1

    24fbb823fff357a8aa321498804a6b5939709c16

  • SHA256

    5463e3514b30b0726922d760a72ae77b2b5f840675c91114aef1512b1cdc07eb

  • SHA512

    c635f54f78002e4d8c5a3acbeb8075121cae7d1a289978635ad42b5a53b33f99f15ad008d1178ba291c737a1ce14f435c9c4addea6cb8ef2d2302f4b577e0d1e

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa50:gh+ZkldoPK8YaKG0

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      665e04f3a149df8623942eb1107d9b80N.exe

    • Size

      903KB

    • MD5

      665e04f3a149df8623942eb1107d9b80

    • SHA1

      24fbb823fff357a8aa321498804a6b5939709c16

    • SHA256

      5463e3514b30b0726922d760a72ae77b2b5f840675c91114aef1512b1cdc07eb

    • SHA512

      c635f54f78002e4d8c5a3acbeb8075121cae7d1a289978635ad42b5a53b33f99f15ad008d1178ba291c737a1ce14f435c9c4addea6cb8ef2d2302f4b577e0d1e

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa50:gh+ZkldoPK8YaKG0

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks