General

  • Target

    dccc4cb5a605aaa373e544c1041eddd0N.exe

  • Size

    952KB

  • Sample

    240819-w68cvatbml

  • MD5

    dccc4cb5a605aaa373e544c1041eddd0

  • SHA1

    07530947540a3bc51c2d5aa2476c24f19d5ecdfe

  • SHA256

    4c8cfb583b6b6fd01eb101d9933b763ae53de9b4b6f30eedb80c8c8817660723

  • SHA512

    1cf1f9ab6f07f55967ee4e135eb20be8c70dcbbe0197a50f15bd7a7b6c678347fdd259354ab2ef16cfd8afb8ea092c682880f3d637fb95a0d4a347da892c4272

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Y:Rh+ZkldDPK8YaKjY

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      dccc4cb5a605aaa373e544c1041eddd0N.exe

    • Size

      952KB

    • MD5

      dccc4cb5a605aaa373e544c1041eddd0

    • SHA1

      07530947540a3bc51c2d5aa2476c24f19d5ecdfe

    • SHA256

      4c8cfb583b6b6fd01eb101d9933b763ae53de9b4b6f30eedb80c8c8817660723

    • SHA512

      1cf1f9ab6f07f55967ee4e135eb20be8c70dcbbe0197a50f15bd7a7b6c678347fdd259354ab2ef16cfd8afb8ea092c682880f3d637fb95a0d4a347da892c4272

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Y:Rh+ZkldDPK8YaKjY

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at the next logon (persistence).

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      SetThreadContext is called on a thread that belongs to another process, a hallmark of process hollowing, where a suspended child's entry point is redirected to injected code.
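The Malware Config block and the signatures above give everything needed for a first-pass detection: the C2 hostname (a DuckDNS dynamic-DNS name, so its resolved IP may change and the hostname is the durable indicator), the C2 port, the mutex, the startup-folder drop and the cross-process SetThreadContext call. The Python below is an added example, not part of the Triage report and not Triage's own signature logic. It replays constructed Sysmon-style JSON events (EventID 22 DNS query, 3 network connection, 11 file create) and constructed sandbox API-trace records, correlates the DNS answer for the C2 host with a later outbound connection on port 4230 so that the port alone never fires, and matches the two behavioural signatures. The `RV_MUTEX-` family prefix, the sample paths and IPs, and the ATT&CK technique IDs are this example's assumptions, not values taken from the report.

```python
"""Replay Sysmon-style events against the indicators Triage extracted for this sample.

Added example, not part of the Triage report or its signature set. The IOC values
come from the report above; every event in SAMPLE_EVENTS is constructed for the demo.
"""
import json
import re

# Indicators copied from the "Malware Config" block of the report.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX = "RV_MUTEX-PiGGjjtnxDpn"

# Assumption: RevengeRAT builds name their mutex "RV_MUTEX-<random>", so a prefix
# match covers other builds of the family, not only the "Marzo26" botnet.
FAMILY_MUTEX_RE = re.compile(r"^RV_MUTEX-[A-Za-z0-9]+$")
# Per-user or all-users Startup folder (what "Drops startup file" describes).
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Sysmon EventID 22 writes IPv4 answers as "::ffff:a.b.c.d;".
IPV4_RE = re.compile(r"(?:::ffff:)?(\d{1,3}(?:\.\d{1,3}){3})")

# ATT&CK mapping is this example's assumption; the report's ATT&CK section is not shown.
ATTACK = {
    "c2_dns": "T1568 Dynamic Resolution (DuckDNS host)",
    "c2_conn": "T1571 Non-Standard Port",
    "mutex_exact": "family marker, botnet Marzo26",
    "mutex_family": "family marker, other RevengeRAT build",
    "startup": "T1547.001 Startup Folder",
    "thread_ctx": "T1055.012 Process Hollowing (suspected)",
}


def check_events(lines):
    """Return (rule, detail, attack) hits in event order.

    A connection to C2_PORT is flagged only when its destination IP was returned by
    a DNS answer for C2_HOST earlier in the stream; the port alone is too weak.
    """
    c2_ips = set()
    hits = []
    for line in lines:
        ev = json.loads(line)
        eid = ev.get("EventID")
        api = ev.get("Api")
        if eid == 22 and ev.get("QueryName", "").lower() == C2_HOST:
            c2_ips.update(IPV4_RE.findall(ev.get("QueryResults", "")))
            hits.append(("c2_dns", ev["QueryName"], ATTACK["c2_dns"]))
        elif eid == 3 and ev.get("DestinationPort") == C2_PORT and ev.get("DestinationIp") in c2_ips:
            hits.append(("c2_conn", f'{ev["DestinationIp"]}:{C2_PORT}', ATTACK["c2_conn"]))
        elif eid == 11 and STARTUP_DIR_RE.search(ev.get("TargetFilename", "")):
            hits.append(("startup", ev["TargetFilename"], ATTACK["startup"]))
        elif api == "CreateMutexW":
            name = ev.get("Name", "")
            if name == MUTEX:
                hits.append(("mutex_exact", name, ATTACK["mutex_exact"]))
            elif FAMILY_MUTEX_RE.match(name):
                hits.append(("mutex_family", name, ATTACK["mutex_family"]))
        elif api == "SetThreadContext" and ev.get("TargetProcessId") != ev.get("ProcessId"):
            # Same-process use is common and benign; only cross-process calls are flagged.
            detail = f'pid {ev["ProcessId"]} -> pid {ev["TargetProcessId"]}'
            hits.append(("thread_ctx", detail, ATTACK["thread_ctx"]))
    return hits


# Constructed events: Sysmon-style JSON plus two sandbox API-trace records ("Api" key).
# Paths, PIDs and the TEST-NET-3 addresses are invented for the demo.
SAMPLE_EVENTS = [
    r'{"EventID": 22, "Image": "C:\\Users\\lab\\Desktop\\dccc4cb5a605aaa373e544c1041eddd0N.exe", "QueryName": "marzorevenger.duckdns.org", "QueryResults": "::ffff:203.0.113.10;"}',
    r'{"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.mozilla.org", "QueryResults": "::ffff:203.0.113.20;"}',
    r'{"EventID": 3, "Image": "C:\\Users\\lab\\Desktop\\dccc4cb5a605aaa373e544c1041eddd0N.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 4230}',
    r'{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.20", "DestinationPort": 443}',
    r'{"Api": "CreateMutexW", "Name": "RV_MUTEX-PiGGjjtnxDpn"}',
    r'{"EventID": 11, "Image": "C:\\Users\\lab\\Desktop\\dccc4cb5a605aaa373e544c1041eddd0N.exe", "TargetFilename": "C:\\Users\\lab\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.exe"}',
    r'{"Api": "SetThreadContext", "ProcessId": 4120, "TargetProcessId": 5208}',
    r'{"Api": "SetThreadContext", "ProcessId": 4120, "TargetProcessId": 4120}',
    r'{"Api": "CreateMutexW", "Name": "RV_MUTEX-Q7mNb2xZ"}',
]

if __name__ == "__main__":
    for rule, detail, attack in check_events(SAMPLE_EVENTS):
        print(f"{rule:13} {attack:45} {detail}")
```

The DNS-to-connection correlation is the part worth keeping when adapting this to real telemetry: because the C2 sits behind DuckDNS, the IP in the EventID 3 record is not an indicator on its own, but an outbound connection on the configured port to an address that the sample's own DNS query just resolved is.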

MITRE ATT&CK Enterprise v15

Tasks