Overview

overview

10

Static

static

5

b0aff5a873...0N.exe

windows7-x64

10

b0aff5a873...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0aff5a87339c71a8fd5b4714d7b6970N.exe

  • Size

    952KB

  • Sample

    240824-yxwc2ayeml

  • MD5

    b0aff5a87339c71a8fd5b4714d7b6970

  • SHA1

    4aaa6a2df50dd2653296793dc25afc7968fc6ecb

  • SHA256

    e2ca6a0358a57f10be165d06469046fa711f9f5d1dc31183c820897db7358198

  • SHA512

    b50d164c4914f5021b5cb72dee2125d242c013bad73c5c51750ba9fae333da418042d641b67c40426be35f31d6de473a98e9893a04fa756721a82b6223082c28

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5u:Rh+ZkldDPK8YaKju

Score
10/10
revengeratmarzo26discoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      b0aff5a87339c71a8fd5b4714d7b6970N.exe

    • Size

      952KB

    • MD5

      b0aff5a87339c71a8fd5b4714d7b6970

    • SHA1

      4aaa6a2df50dd2653296793dc25afc7968fc6ecb

    • SHA256

      e2ca6a0358a57f10be165d06469046fa711f9f5d1dc31183c820897db7358198

    • SHA512

      b50d164c4914f5021b5cb72dee2125d242c013bad73c5c51750ba9fae333da418042d641b67c40426be35f31d6de473a98e9893a04fa756721a82b6223082c28

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5u:Rh+ZkldDPK8YaKju

    Score
    10/10
    revengeratmarzo26discoverytrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks