General

  • Target

    8709382533bb925e3a7781611fe321a0N

  • Size

    952KB

  • Sample

    240913-w168la1dqm

  • MD5

    8709382533bb925e3a7781611fe321a0

  • SHA1

    a2833aa55687affbb2e2c2987ee56bbb0521af58

  • SHA256

    1d73ecb3b27251ca15f53f1be112ae63e2d37594d39496224ee54f5129c9e411

  • SHA512

    78d13816348acc9bcbd7691fa7950ce5e5c2dc806f74b782276cc7bd0ece8dd7cb8d2257e30dc9cbcfe9e403605e92b95421dfda0f1540dda27036fd54f6157c

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5U:Rh+ZkldDPK8YaKjU

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      8709382533bb925e3a7781611fe321a0N

    • Size

      952KB

    • MD5

      8709382533bb925e3a7781611fe321a0

    • SHA1

      a2833aa55687affbb2e2c2987ee56bbb0521af58

    • SHA256

      1d73ecb3b27251ca15f53f1be112ae63e2d37594d39496224ee54f5129c9e411

    • SHA512

      78d13816348acc9bcbd7691fa7950ce5e5c2dc806f74b782276cc7bd0ece8dd7cb8d2257e30dc9cbcfe9e403605e92b95421dfda0f1540dda27036fd54f6157c

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5U:Rh+ZkldDPK8YaKjU

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks