General

  • Target: 483383fdf50342246c331180c758a7f0N.exe
  • Size: 952KB
  • Sample: 240823-fd47qaybpr
  • MD5: 483383fdf50342246c331180c758a7f0
  • SHA1: d11a425b2290682b50e6737c02126e2c75165d3a
  • SHA256: 7e014306d6029b0b997f76ef8482aebb3b1105f731a72fb6cd0f79c5c81b52d0
  • SHA512: fff4cfa67e8b61067eabce638cf35079a97b6b8eb20cfb10dc54661aca6b39967835f08608f16fc69768ff28407ea6ab4e01b4d5496afc9389158257e92394f4
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5i:Rh+ZkldDPK8YaKji

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT: remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks