General

  • Target

    9ffe1738ce8011667ba9f3957dbe2150N.exe

  • Size

    952KB

  • Sample

    240910-bmv8yszdjj

  • MD5

    9ffe1738ce8011667ba9f3957dbe2150

  • SHA1

    309739151fa4fcaba9ee1ad4be2a4b3f97131c43

  • SHA256

    5a3bc5664095c9d3202372b604a8da896908e5648a4a32ff3417153cbe40b280

  • SHA512

    2c89c96e11cbb1a93c8a793202bac2810870fdaef786f1c81b4006684e55abde8f5abbd817c53a1c1b82dcd38aa918bfe062e54d5428fbf5d8673a675a8b7230

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT51:Rh+ZkldDPK8YaKj1

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      9ffe1738ce8011667ba9f3957dbe2150N.exe

    • Size

      952KB

    • MD5

      9ffe1738ce8011667ba9f3957dbe2150

    • SHA1

      309739151fa4fcaba9ee1ad4be2a4b3f97131c43

    • SHA256

      5a3bc5664095c9d3202372b604a8da896908e5648a4a32ff3417153cbe40b280

    • SHA512

      2c89c96e11cbb1a93c8a793202bac2810870fdaef786f1c81b4006684e55abde8f5abbd817c53a1c1b82dcd38aa918bfe062e54d5428fbf5d8673a675a8b7230

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT51:Rh+ZkldDPK8YaKj1

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks