
General

  • Target

    3157e3d73ec7fb0514eea48ef1ac7760N.exe

  • Size

    952KB

  • Sample

    240824-ghf65awcqe

  • MD5

    3157e3d73ec7fb0514eea48ef1ac7760

  • SHA1

    f39ee1355a563a63c548bbe890f33a06bad95147

  • SHA256

    738a6a506c3b167979fb2dbfbb1e45efc1110e58c4c58c49bb5858ad36ff18be

  • SHA512

    9d63e9ebf5fe542915806df9f4e98561bb8bb511b8129d224d26c5ab62c4f177282237388c34db4432a78a427a4dcd6b84eba1fb7742d701b6f0fae4a6248e83

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT53:Rh+ZkldDPK8YaKj3

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn
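The extracted config above is only useful once it is turned into a detection. The following script, an added example that is not part of the tria.ge report, matches the C2 hostname, C2 port, mutex and sample SHA256 against JSON-lines endpoint telemetry. The telemetry records are constructed for the example (Sysmon field names for event IDs 1, 3 and 22; the "EDR_MUTEX" record shape is an assumption, since Sysmon does not log mutex creation), and the RV_MUTEX- prefix rule assumes other RevengeRAT builds keep that prefix with a per-build suffix. Because duckdns.org is dynamic DNS, the resolved IP is not a stable indicator, so a connection on port 4230 without the hostname is scored low rather than high.

```python
"""IOC matching for the RevengeRAT config above, run over constructed telemetry.

Added example; it is not part of the tria.ge report, and the log records are
constructed, not captured from the sandbox run.
"""
import json
import re

# Indicators copied from the Malware Config section of the report.
IOC = {
    "c2_host": "marzorevenger.duckdns.org",
    "c2_port": 4230,
    "mutex": "RV_MUTEX-PiGGjjtnxDpn",
    "sha256": "738a6a506c3b167979fb2dbfbb1e45efc1110e58c4c58c49bb5858ad36ff18be",
}

# Assumption: other RevengeRAT builds keep the RV_MUTEX- prefix with a per-build
# suffix, so a prefix match flags sibling builds with a different config.
MUTEX_PREFIX_RE = re.compile(r"^RV_MUTEX-[A-Za-z0-9]{8,}$")

RANK = {"high": 3, "medium": 2, "low": 1}

# Constructed JSON-lines telemetry. Sysmon field names are used for event IDs
# 1 (process create), 3 (network connect) and 22 (DNS query); the "EDR_MUTEX"
# records mimic an EDR mutex event and are an assumption, not a Sysmon event.
SAMPLE_LOG = r"""
{"EventID": 22, "Image": "C:\\Users\\u\\AppData\\Roaming\\svchost.exe", "QueryName": "marzorevenger.duckdns.org"}
{"EventID": 3, "Image": "C:\\Users\\u\\AppData\\Roaming\\svchost.exe", "DestinationHostname": "marzorevenger.duckdns.org", "DestinationIp": "203.0.113.10", "DestinationPort": 4230}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationHostname": "updates.example.net", "DestinationIp": "198.51.100.7", "DestinationPort": 443}
{"EventID": 1, "Image": "C:\\Users\\u\\Downloads\\3157e3d73ec7fb0514eea48ef1ac7760N.exe", "Hashes": "MD5=3157E3D73EC7FB0514EEA48EF1AC7760,SHA256=738A6A506C3B167979FB2DBFBB1E45EFC1110E58C4C58C49BB5858AD36FF18BE"}
{"EventID": "EDR_MUTEX", "Image": "C:\\Users\\u\\AppData\\Roaming\\svchost.exe", "MutexName": "RV_MUTEX-PiGGjjtnxDpn"}
{"EventID": "EDR_MUTEX", "Image": "C:\\Users\\u\\AppData\\Roaming\\winlogon.exe", "MutexName": "RV_MUTEX-QaZxSwEdCvFr"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "10.0.0.5", "DestinationPort": 4230}
"""


def parse_hashes(field):
    """Split Sysmon's 'MD5=...,SHA256=...' string into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event):
    """Return (severity, reasons) for one event; severity is None if nothing matched."""
    findings = []
    eid = event.get("EventID")
    if eid == 22 and event.get("QueryName", "").lower() == IOC["c2_host"]:
        findings.append(("high", "DNS query for the C2 host"))
    if eid == 3:
        host = event.get("DestinationHostname", "").lower()
        port = event.get("DestinationPort")
        if host == IOC["c2_host"]:
            findings.append(("high", f"connection to the C2 host on port {port}"))
        elif port == IOC["c2_port"]:
            # duckdns is dynamic DNS: the IP the name resolves to can change at will,
            # so the port alone (without the hostname) is only a weak signal.
            findings.append(("low", f"connection to port {port} without the C2 hostname"))
    if eid == 1 and parse_hashes(event.get("Hashes", "")).get("SHA256") == IOC["sha256"]:
        findings.append(("high", "process image SHA256 matches the sample"))
    mutex = event.get("MutexName", "")
    if mutex == IOC["mutex"]:
        findings.append(("high", "exact RevengeRAT mutex from this config"))
    elif MUTEX_PREFIX_RE.match(mutex):
        findings.append(("medium", "RV_MUTEX- prefix with a different suffix (possible sibling build)"))
    if not findings:
        return None, []
    severity = max((s for s, _ in findings), key=RANK.__getitem__)
    return severity, [r for _, r in findings]


def scan(log_text):
    """Run classify() over JSON-lines telemetry and return the matching records."""
    hits = []
    for lineno, line in enumerate(log_text.strip().splitlines(), 1):
        if not line.strip():
            continue
        event = json.loads(line)
        severity, reasons = classify(event)
        if severity:
            hits.append({"line": lineno, "severity": severity,
                         "image": event.get("Image"), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']:>2} [{hit['severity']:<6}] {hit['image']}: {'; '.join(hit['reasons'])}")
```

Run against the constructed records, the script flags six of the seven events: the DNS query, the connection to the C2 host, the process launch of the sample, and the exact mutex as high; the mutex with a different suffix as medium; and the svchost.exe connection on port 4230 with no hostname as low. The Firefox connection is not reported. To use this on real data, replace SAMPLE_LOG with the JSON-lines export from your Sysmon or EDR pipeline and adjust the field names to match that source.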

Targets

    • Target

      3157e3d73ec7fb0514eea48ef1ac7760N.exe

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
