Overview

overview

10

Static

static

5

f6c7b11b1d...0N.exe

windows7-x64

10

f6c7b11b1d...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6c7b11b1d54bb9245a4df0d398c9480N

  • Size

    952KB

  • Sample

    240910-kylckawaln

  • MD5

    f6c7b11b1d54bb9245a4df0d398c9480

  • SHA1

    2b89657cccad353880ec28765a571b33fdfd5954

  • SHA256

    1a67867f457f76fe2eecc742681952fbcf1e0f159d67e9259e5aedbc7de48f80

  • SHA512

    e5c3bbec61f4184ee6f709a84a29530f842ed48340e5c366d483b977f408574f06645ff24b56cdc67ff858dc513fe409da1d1709ed4e68ef8dce78921928123a

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5+:Rh+ZkldDPK8YaKj+

Score
10/10
revengeratmarzo26discoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      f6c7b11b1d54bb9245a4df0d398c9480N

    • Size

      952KB

    • MD5

      f6c7b11b1d54bb9245a4df0d398c9480

    • SHA1

      2b89657cccad353880ec28765a571b33fdfd5954

    • SHA256

      1a67867f457f76fe2eecc742681952fbcf1e0f159d67e9259e5aedbc7de48f80

    • SHA512

      e5c3bbec61f4184ee6f709a84a29530f842ed48340e5c366d483b977f408574f06645ff24b56cdc67ff858dc513fe409da1d1709ed4e68ef8dce78921928123a

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5+:Rh+ZkldDPK8YaKj+

    Score
    10/10
    revengeratmarzo26discoverytrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks