General

  • Target

    957821c3cbf84aa7971ad2cce6d06313e72b3b83c2af5b3002cc0ace90cbc1af

  • Size

    952KB

  • Sample

    240817-cvagwsvfql

  • MD5

    0c6a0add4816aa25e8f25e0c8f02ddcb

  • SHA1

    d30019150f291271a4da19f30798179de347af41

  • SHA256

    957821c3cbf84aa7971ad2cce6d06313e72b3b83c2af5b3002cc0ace90cbc1af

  • SHA512

    f0bbd1fa450768a4399754743316b45a3d93417679c26db711d44dc1db6f7050d5707d2d6d653cdad39290b3c98ed17ca90aa1963e27fe98e7e768df218a5f33

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5F:Rh+ZkldDPK8YaKjF

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      957821c3cbf84aa7971ad2cce6d06313e72b3b83c2af5b3002cc0ace90cbc1af

    • Size

      952KB

    • MD5

      0c6a0add4816aa25e8f25e0c8f02ddcb

    • SHA1

      d30019150f291271a4da19f30798179de347af41

    • SHA256

      957821c3cbf84aa7971ad2cce6d06313e72b3b83c2af5b3002cc0ace90cbc1af

    • SHA512

      f0bbd1fa450768a4399754743316b45a3d93417679c26db711d44dc1db6f7050d5707d2d6d653cdad39290b3c98ed17ca90aa1963e27fe98e7e768df218a5f33

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5F:Rh+ZkldDPK8YaKjF

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks