General

  • Target

    2d17f4897f1cd607abcf21908e2f66a0N

  • Size

    952KB

  • Sample

    240910-z2fc2swhnh

  • MD5

    2d17f4897f1cd607abcf21908e2f66a0

  • SHA1

    9293c072aa380a8be576a7ba64e3c27a9902f3bb

  • SHA256

    45a2afb81a8455bd0b9b68ecaa8d80c00391d587739e01da4b13ecd1cd428b55

  • SHA512

    2d203329dda34acb40cce9e40addc9091af8d6e8f9112b99b529b88d03b3a97fd9a441743fb3e54a793bf9d5250e8d40afb254b4d833e6abd979eb74ce326330

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT53:Rh+ZkldDPK8YaKj3

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks