General

  • Target

    ae2d778b9a73bd67a8604b2ca1e2d350N

  • Size

    952KB

  • Sample

    240911-eqc4bssgjd

  • MD5

    ae2d778b9a73bd67a8604b2ca1e2d350

  • SHA1

    523eee6f2aa39d236d86c802abf7fc29f3616cb8

  • SHA256

    6145c9d2a1f296978afa176aa826c94ce1462f8e5067dbab15de4b9fa03a8dc6

  • SHA512

    5f728cdc9fa103cf40c802ffd67f4e9f76cde3be67e2244a5726c62ef3178936e42b695295f0c5d8c6a9ecd97610f4bd9e69b9206bba1c4d7176d3ff9b1777ae

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5f:Rh+ZkldDPK8YaKjf

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks