General

  • Target

    983a615fbccc064921a9226d038af1d0N.exe

  • Size

    904KB

  • Sample

    240914-3wnn1stgmj

  • MD5

    983a615fbccc064921a9226d038af1d0

  • SHA1

    5f6785d2754f381a715ec8b1570998817fa8bfae

  • SHA256

    ee008cbd72b0a66a976a5096ed2519b2bad2dc0792609a615303af2b13e674eb

  • SHA512

    f8698505973ed519e44177c3f329dda52de0f50b513f707b233be291e75931a4413a1896b1da79db48d44b5f5d07ad41bdec03b488d573053162b12a8a1b63e1

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5h:gh+ZkldoPK8YaKGh

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      983a615fbccc064921a9226d038af1d0N.exe

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks