General

  • Target

    cc6eca3c8a6f131f9b007d366e0f6e40N.exe

  • Size

    952KB

  • Sample

    240821-mvpxpatgpc

  • MD5

    cc6eca3c8a6f131f9b007d366e0f6e40

  • SHA1

    0de3719d9ea0f791c6bc9d25870c9898d94fc47e

  • SHA256

    428624971eb187b20f6c49495ceb4fb25764c4fcd134170ca0ed0a965b87aa88

  • SHA512

    bff7b562cdb017b9df12b6f4df9f8388194c45bf11846d7b4cd7a7c51342ccea083c2983a2538b64bcccce16423cdc8e0110dd7937bc736bf40b1462dfaa450a

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5T:Rh+ZkldDPK8YaKjT

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      cc6eca3c8a6f131f9b007d366e0f6e40N.exe

    • Size

      952KB

    • MD5

      cc6eca3c8a6f131f9b007d366e0f6e40

    • SHA1

      0de3719d9ea0f791c6bc9d25870c9898d94fc47e

    • SHA256

      428624971eb187b20f6c49495ceb4fb25764c4fcd134170ca0ed0a965b87aa88

    • SHA512

      bff7b562cdb017b9df12b6f4df9f8388194c45bf11846d7b4cd7a7c51342ccea083c2983a2538b64bcccce16423cdc8e0110dd7937bc736bf40b1462dfaa450a

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5T:Rh+ZkldDPK8YaKjT

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at every logon, a common persistence technique.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the step in process hollowing that redirects a suspended process into injected code.
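The extracted configuration and the behavioural signatures above are the raw material for host detection. The following Python is an added example, not part of the sandbox report or of any tria.ge tooling, that encodes those indicators as checks over Sysmon-style event records. The event records are constructed for illustration; the Sysmon event IDs and field names (1 Process Create, 3 Network Connect, 11 File Create, 13 Registry Value Set, 22 DNS Query) follow Sysmon's own schema; and the assumption that RevengeRAT mutexes share the `RV_MUTEX-` prefix generalises beyond the single mutex this report shows. The SetThreadContext signature is not modelled: thread-context tampering is not exposed by these event types.

```python
"""Turn the extracted RevengeRAT config and the report's behavioural
signatures into detection logic and run it over constructed Sysmon-style
events.  Added example; the records below are not output from the sandbox."""
import re
from dataclasses import dataclass

# Indicators taken from the report.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
SAMPLE_SHA256 = "428624971eb187b20f6c49495ceb4fb25764c4fcd134170ca0ed0a965b87aa88"

# Assumption: RevengeRAT mutexes share the RV_MUTEX- prefix seen in this
# report ("RV_MUTEX-PiGGjjtnxDpn"); the suffix is treated as opaque.
MUTEX_PATTERN = re.compile(r"^RV_MUTEX-[A-Za-z0-9]+$")

# Paths that realise "Drops startup file" / Run-key persistence.
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


@dataclass
class Hit:
    event_id: int
    rule: str
    detail: str


def is_revengerat_mutex(name: str) -> bool:
    """True for mutex names matching the RV_MUTEX-<id> convention."""
    return MUTEX_PATTERN.match(name) is not None


def match_event(ev: dict) -> list[Hit]:
    """Return the detections a single Sysmon event triggers (possibly none)."""
    hits: list[Hit] = []
    eid = ev.get("EventID")
    if eid == 1 and f"SHA256={SAMPLE_SHA256.upper()}" in ev.get("Hashes", "").upper():
        # The exact sample from this report was executed.
        hits.append(Hit(eid, "known_sample_executed", ev.get("Image", "")))
    if eid == 22 and ev.get("QueryName", "").lower() == C2_HOST:
        hits.append(Hit(eid, "revengerat_c2_dns", ev["QueryName"]))
    if eid == 3:
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort", 0))
        # Exact C2, or the same port on any duckdns.org host (the operator
        # can re-point the dynamic DNS name; the port is cheaper to keep).
        if host == C2_HOST or (port == C2_PORT and host.endswith(".duckdns.org")):
            hits.append(Hit(eid, "revengerat_c2_connect", f"{host}:{port}"))
    if eid == 11 and STARTUP_DIR.search(ev.get("TargetFilename", "")):
        hits.append(Hit(eid, "startup_file_drop", ev["TargetFilename"]))
    if eid == 13 and RUN_KEY.search(ev.get("TargetObject", "")):
        hits.append(Hit(eid, "run_key_persistence", ev["TargetObject"]))
    return hits


def scan(events: list[dict]) -> list[Hit]:
    """Run match_event over a stream of events, preserving order."""
    return [hit for ev in events for hit in match_event(ev)]


# Constructed Sysmon-style events: the sample runs, resolves and contacts
# the C2, drops a startup file (file name made up), then benign traffic.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\lab\Desktop\cc6eca3c8a6f131f9b007d366e0f6e40N.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()}"},
    {"EventID": 22, "QueryName": "marzorevenger.duckdns.org"},
    {"EventID": 3, "DestinationHostname": "marzorevenger.duckdns.org",
     "DestinationPort": "4230"},
    {"EventID": 11,
     "TargetFilename": r"C:\Users\lab\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\update.exe"},
    {"EventID": 22, "QueryName": "www.microsoft.com"},
    {"EventID": 3, "DestinationHostname": "www.microsoft.com",
     "DestinationPort": "443"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"event {hit.event_id}: {hit.rule} -> {hit.detail}")
```

The mutex check is separate from the event scan because Sysmon does not log mutex creation; it is meant for a handle enumeration or memory-forensics pass where the name is available.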

MITRE ATT&CK Enterprise v15

Tasks