
General

  • Target

    9d204c19f266e91f09f5c4977b71d370N.exe

  • Size

    904KB

  • Sample

    240815-nz3vsavdmm

  • MD5

    9d204c19f266e91f09f5c4977b71d370

  • SHA1

    3ac0922f51290a87a9ff61c6f34922ac82b7bb20

  • SHA256

    f6ea96da3996a35c1374bc94c6ac9002194cc38f1e62f978f9cfe8fd1dd9e6e3

  • SHA512

    930d3e5f4ffa45036597b8600a25e6f6f3ee9582d140bb83638aa35f8ad642ea45b2792029a36e0ff3c9b354a2198a09c3b281feadf566316c505c19260a7d1b

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5B:gh+ZkldoPK8YaKGB

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      9d204c19f266e91f09f5c4977b71d370N.exe


    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

      Writes a file into a Startup folder so the payload is launched again at logon (persistence).

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the step used by process-hollowing loaders to point a suspended process at injected code; on its own it is a behavioural indicator shared with many other loaders, so it should be read together with the extracted config rather than as proof of the family.
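The extracted config and the signatures above give indicators of very different durability: the hashes identify only this exact build, the mutex name and the C2 hostname survive repacking, and the Startup-folder write is shared with unrelated malware. The script below is an added example, not part of the tria.ge report, that matches those indicators against host telemetry. The key=value log format, the field names and the log lines are constructed for the example, and the RV_MUTEX- prefix match assumes other RevengeRAT builds use the same naming scheme seen in this report.

```python
"""Match the IOCs from this RevengeRAT report against constructed host telemetry.

Added example; the log format below is invented for illustration and is not
a parser for any real product's output.
"""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report (General section and extracted config).
IOC_C2_HOST = "marzorevenger.duckdns.org"
IOC_C2_PORT = 4230
IOC_MUTEX = "RV_MUTEX-PiGGjjtnxDpn"
IOC_MD5 = "9d204c19f266e91f09f5c4977b71d370"
IOC_SHA256 = "f6ea96da3996a35c1374bc94c6ac9002194cc38f1e62f978f9cfe8fd1dd9e6e3"

# Assumption: other builds reuse the RV_MUTEX-<suffix> scheme, so a prefix
# match is a weaker, family-level indicator rather than a sample-level one.
MUTEX_PREFIX = "RV_MUTEX-"
# Matches the per-user and all-users Startup folders ("Drops startup file").
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line: str) -> Dict[str, str]:
    """Parse a flat key=value line (double-quoted values allowed) into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def match_event(line: str) -> List[str]:
    """Return the IOC labels one event line matches; an empty list means clean."""
    ev = parse_kv(line)
    kind = ev.get("event", "")
    hits: List[str] = []
    if kind == "dns" and ev.get("query", "").lower() == IOC_C2_HOST:
        hits.append("c2-dns")
    if kind == "netconn":
        host = ev.get("dst_host", "").lower()
        try:
            port = int(ev.get("dst_port", "0"))
        except ValueError:
            port = 0
        if host == IOC_C2_HOST:
            hits.append("c2-host")
        elif port == IOC_C2_PORT and host.endswith(".duckdns.org"):
            # Port plus a dynamic-DNS parent is a hunting lead, not a block rule.
            hits.append("c2-port-dyndns")
    if kind == "mutex":
        name = ev.get("name", "")
        if name == IOC_MUTEX:
            hits.append("mutex-exact")
        elif name.startswith(MUTEX_PREFIX):
            hits.append("mutex-family")
    if kind == "filecreate" and STARTUP_DIR.search(ev.get("path", "")):
        hits.append("startup-persistence")
    if kind in ("filecreate", "process") and ev.get("sha256", "").lower() == IOC_SHA256:
        hits.append("hash-sha256")
    return hits


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each matching line to its IOC labels; clean lines are omitted."""
    return {line: hits for line in lines if (hits := match_event(line))}


def hash_matches(data: bytes) -> Dict[str, bool]:
    """Compare a file's MD5/SHA256 with the report; these match only this exact build."""
    return {
        "md5": hashlib.md5(data).hexdigest() == IOC_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == IOC_SHA256,
    }


# Constructed telemetry: one infected host (pid 4120) plus two benign events.
SAMPLE_LOGS = [
    'event=process pid=4120 image="C:\\Users\\bob\\Downloads\\9d204c19f266e91f09f5c4977b71d370N.exe" '
    'sha256=f6ea96da3996a35c1374bc94c6ac9002194cc38f1e62f978f9cfe8fd1dd9e6e3',
    'event=mutex pid=4120 name=RV_MUTEX-PiGGjjtnxDpn',
    'event=dns pid=4120 query=marzorevenger.duckdns.org',
    'event=netconn pid=4120 dst_host=marzorevenger.duckdns.org dst_port=4230',
    'event=filecreate pid=4120 path="C:\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows'
    '\\Start Menu\\Programs\\Startup\\update.exe"',
    'event=dns pid=900 query=www.example.com',
    'event=mutex pid=900 name=Global\\SomeAppSingleInstance',
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOGS).items():
        print(", ".join(hits), "<-", line)
```

When turning these into production rules, block the full hostname marzorevenger.duckdns.org rather than duckdns.org, which is a shared dynamic-DNS provider, and treat the port-only match and the mutex prefix as hunting queries to review, not as automatic blocks.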

MITRE ATT&CK Enterprise v15

Tasks