General

  • Target

    IEXPLORE.EXE.exe

  • Size

    904KB

  • Sample

    240828-ybsp1stgrm

  • MD5

    cacfd0e2d423ae0f7ad637c971bd591d

  • SHA1

    c98f4026b1bb1df65ebcdbbe74e37f8138f6efe7

  • SHA256

    491f7eb35995a90505019c995e9bcd29d75167f8770e74747893807f420b107e

  • SHA512

    1b315b10a254bcb36877379f9c8f8705be34e981d4d67a0a5a2fcccf181b7c6e1520d5da522883da06f86130732b02837cd945333cf4ccee25300a1c65537fbd

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5J:gh+ZkldoPK8YaKGJ

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
