General

  • Target

    c4b5416544d83fac36a48a5542496930N.exe

  • Size

    952KB

  • Sample

    240818-gdpygaydlb

  • MD5

    c4b5416544d83fac36a48a5542496930

  • SHA1

    55372683bb668174feccd5d28b9b27cfcc54dfde

  • SHA256

    537bb65fda8898e358d6ebe393b92cd5f790c49ba3f9a095489779a2e0d51874

  • SHA512

    52338136fd04c57a1379ab24ca3b509cfa9a5a60e0e0ebed14f229eff0dea71d2e2e9203a8357f95147daf23373e11252a509c1fe66b5bc6f1a0b2f579c0323a

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT56:Rh+ZkldDPK8YaKj6

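The SSDEEP value above is a context-triggered piecewise hash: a block size, then two chunk strings, the second computed at twice the block size, so a new sample can be scored against this one without a byte-for-byte match. The following is an added example, not tria.ge code: a from-scratch Python parser for that format and a reimplementation of the scoring in ssdeep's fuzzy_compare() as I recall it (run-squeezing, 7-character common-substring gate, weighted edit distance, rescaling). Treat it as an approximation of libfuzzy rather than a drop-in replacement; scores may differ by a few points. PAGE_SSDEEP is the hash from this page; every other hash in the block is constructed.

```python
"""Parse and compare ssdeep hashes.  Added, from-scratch reimplementation of
the scoring logic in ssdeep's fuzzy.c (an approximation, not libfuzzy)."""

SPAMSUM_LENGTH = 64   # maximum length of each chunk string
ROLLING_WINDOW = 7    # chunks need a common substring this long to score at all
MIN_BLOCKSIZE = 3

# The ssdeep hash of the sample on this page.
PAGE_SSDEEP = "24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT56:Rh+ZkldDPK8YaKj6"


def _squeeze(s):
    """Shorten any run of more than three identical characters to three
    (ssdeep's eliminate_sequences); long runs carry almost no information."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def parse_ssdeep(h):
    """Split 'blocksize:chunk1:chunk2[,"filename"]' into (blocksize, chunk1, chunk2)."""
    body = h.split(",", 1)[0]            # drop the optional trailing filename
    parts = body.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"malformed ssdeep hash: {h!r}")
    return int(parts[0]), _squeeze(parts[1]), _squeeze(parts[2])


def _has_common_substring(a, b):
    grams = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in grams
               for i in range(len(b) - ROLLING_WINDOW + 1))


def _edit_distance(a, b):
    """Levenshtein distance with insert/delete cost 1 and substitute cost 2,
    the weighting I understand ssdeep's edit_distn() to use."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def _score_chunks(s1, s2, block_size):
    if len(s1) > SPAMSUM_LENGTH or len(s2) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(s1, s2):
        return 0
    score = _edit_distance(s1, s2)
    score = score * SPAMSUM_LENGTH // (len(s1) + len(s2))   # proportion changed, ~0..64
    score = 100 * score // SPAMSUM_LENGTH                     # rescale to 0..100
    if score >= 100:
        return 0
    score = 100 - score                                       # 100 = identical
    # With small block sizes, don't let short chunks produce an exaggerated match.
    if block_size < (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))
    return score


def ssdeep_compare(h1, h2):
    """0..100 similarity; 0 when the block sizes are incompatible."""
    bs1, a1, a2 = parse_ssdeep(h1)
    bs2, b1, b2 = parse_ssdeep(h2)
    if bs1 == bs2:
        if a1 == b1 and a2 == b2:
            return 100
        return max(_score_chunks(a1, b1, bs1), _score_chunks(a2, b2, bs1 * 2))
    if bs1 * 2 == bs2:        # h1's second chunk was built at h2's block size
        return _score_chunks(a2, b1, bs2)
    if bs2 * 2 == bs1:
        return _score_chunks(a1, b2, bs1)
    return 0


if __name__ == "__main__":
    print(parse_ssdeep(PAGE_SSDEEP))
    # Constructed near-duplicate pair: one character differs in the first chunk.
    print(ssdeep_compare("24576:abcdefghijklmnop:xyz", "24576:abcdefghijklmnoq:uvw"))
```

Scores are only meaningful between hashes whose block sizes are equal or differ by a factor of two, which is why the compare returns 0 otherwise; in production, hash new samples with the ssdeep tool or python-ssdeep and compare against the page hash rather than relying on this reimplementation for exact numbers.
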
Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      c4b5416544d83fac36a48a5542496930N.exe

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

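The extracted config (C2 host and port, mutex) and the flagged behaviours above are the raw material for a detection. The following is an added example, not tria.ge code: Python detection logic that runs those indicators over a host event stream and correlates hits per process. The event format is a constructed, simplified JSON-lines stream, not tria.ge's report format or any particular EDR or Sysmon schema; the sample events are constructed, and the RV_MUTEX- prefix is taken from the mutex extracted on this page. The SetThreadContext signature is an API-level observation that an event stream like this does not carry, so it is not covered here.

```python
"""Run this report's indicators (C2 host/port, RevengeRAT mutex) and the
'Drops startup file' behaviour over a JSON-lines host event stream.
Added example; the event schema and sample events are constructed."""

import json
import re
from collections import defaultdict

# Indicators taken directly from the report.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX_PREFIX = "RV_MUTEX-"   # the extracted mutex is RV_MUTEX-PiGGjjtnxDpn

# Default Windows Startup folder path suffix (shared by per-user and all-users).
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# duckdns.org is a free dynamic-DNS service; a lookup there is weak evidence alone.
DYNDNS_RE = re.compile(r"\.duckdns\.org$", re.IGNORECASE)


def classify(event):
    """Return a list of (severity, reason) findings for one event."""
    findings = []
    kind = event.get("type")
    if kind == "mutex_create":
        name = event.get("name", "")
        if name.startswith(MUTEX_PREFIX):
            findings.append(("high", f"RevengeRAT-style mutex {name}"))
    elif kind == "dns_query":
        query = event.get("query", "").lower()
        if query == C2_HOST:
            findings.append(("high", f"DNS lookup of C2 host {query}"))
        elif DYNDNS_RE.search(query):
            findings.append(("low", f"dynamic-DNS lookup {query}"))
    elif kind == "net_connect":
        host = event.get("dst_host", "").lower()
        port = event.get("dst_port")
        if host == C2_HOST:
            findings.append(("high", f"connection to C2 {host}:{port}"))
        elif port == C2_PORT:
            findings.append(("low", f"connection to C2 port {port} on {host}"))
    elif kind == "file_create":
        path = event.get("path", "")
        if STARTUP_RE.search(path):
            findings.append(("medium", f"file dropped into Startup folder: {path}"))
    return findings


def scan(lines):
    """Parse JSON-lines events into alerts; malformed lines are skipped, not fatal."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        for severity, reason in classify(event):
            alerts.append({"line": lineno, "pid": event.get("pid"),
                           "severity": severity, "reason": reason})
    return alerts


def verdicts(alerts):
    """Correlate per process: one high-confidence indicator plus any other
    finding is treated as a RevengeRAT infection."""
    by_pid = defaultdict(list)
    for a in alerts:
        by_pid[a["pid"]].append(a["severity"])
    out = {}
    for pid, sevs in by_pid.items():
        if "high" in sevs and len(sevs) >= 2:
            out[pid] = "RevengeRAT infection"
        elif "high" in sevs:
            out[pid] = "single C2/mutex hit, investigate"
        else:
            out[pid] = "weak indicators only"
    return out


# Constructed sample stream: pid 4100 mimics the behaviour in this report,
# pid 1200 is benign, and the last line is deliberately malformed.
SAMPLE_LOG = [json.dumps(e) for e in [
    {"type": "process_create", "pid": 4100, "image": "C:\\Users\\u\\Desktop\\c4b5416544d83fac36a48a5542496930N.exe"},
    {"type": "mutex_create", "pid": 4100, "name": "RV_MUTEX-PiGGjjtnxDpn"},
    {"type": "dns_query", "pid": 4100, "query": "marzorevenger.duckdns.org"},
    {"type": "net_connect", "pid": 4100, "dst_host": "marzorevenger.duckdns.org", "dst_port": 4230},
    {"type": "file_create", "pid": 4100, "path": "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dropped.exe"},
    {"type": "dns_query", "pid": 1200, "query": "time.windows.com"},
    {"type": "file_create", "pid": 1200, "path": "C:\\Users\\u\\Documents\\notes.txt"},
]] + ["this line is not json"]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"line {a['line']:>2} pid {a['pid']} [{a['severity']}] {a['reason']}")
    print(verdicts(found))
```

The host and mutex checks are exact-match on this sample's config and will miss a rebuilt RevengeRAT with a different C2 and mutex suffix; the RV_MUTEX- prefix and the Startup-folder write are the parts that generalise, which is why the verdict requires one high-confidence hit plus a second finding rather than any single rule.
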
MITRE ATT&CK Enterprise v15

Tasks