General

  • Target: d60a9080242428ec145b390f8ca09b00N.exe
  • Size: 952KB
  • Sample: 240819-vzf5cawgrf
  • MD5: d60a9080242428ec145b390f8ca09b00
  • SHA1: e9a01bd7fc3a191e936f963ba38844dc1937c72b
  • SHA256: 98cd93dba9e02329cf9af4644b513048755f4a8cf504e3062fdf99175bd2251d
  • SHA512: b84e5616f038bf288f7bc8c45d337c447abc7a872f559d48cd3d53ee5c52c3e6d6089256dfd799eb588bcbb47e1191930d4a078275c0919bcff358387e2afd34
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5y:Rh+ZkldDPK8YaKjy

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks