General

  • Target: a4bd8ed0339c665f8a5d806e9345a870N.exe
  • Size: 904KB
  • Sample: 240818-m7mm4atemn
  • MD5: a4bd8ed0339c665f8a5d806e9345a870
  • SHA1: 142cfc98cb53d86e42d3e052fd41642336fc371d
  • SHA256: ddbfa84666912d3533a780e0fff2d2e42aeb5ca726d1646f3042b9c987da4513
  • SHA512: b07647cb741c5b04f6f95eda42a312acf10299c02e407fd65806e94d33957c08c7d1d92f143f10bf29ecd484aa1abe4f4fd78749f39d2901aa3ca865c2005995
  • SSDEEP: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • Suspicious use of SetThreadContext
