General

  • Target

    9f30ec72412de0a9b686f5f1b774f700N.exe

  • Size

    952KB

  • Sample

    240915-cglb8szfmc

  • MD5

    9f30ec72412de0a9b686f5f1b774f700

  • SHA1

    08d3edadf39badf7631adc0471cf5e232dc3f0ce

  • SHA256

    f73ef9507c8a054625412574f101e8b427413c72b5fc8a2f536037043145c4f3

  • SHA512

    39fef420a598f869a748783d5ea8d72e3216b7c3098281df16cf800896c551b811bd7fcd56e2c2a91d6d51d09438ef2b9f8075f85c943a3621434b31cc886813

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5k:Rh+ZkldDPK8YaKjk

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      9f30ec72412de0a9b686f5f1b774f700N.exe

    • Size

      952KB

    • MD5

      9f30ec72412de0a9b686f5f1b774f700

    • SHA1

      08d3edadf39badf7631adc0471cf5e232dc3f0ce

    • SHA256

      f73ef9507c8a054625412574f101e8b427413c72b5fc8a2f536037043145c4f3

    • SHA512

      39fef420a598f869a748783d5ea8d72e3216b7c3098281df16cf800896c551b811bd7fcd56e2c2a91d6d51d09438ef2b9f8075f85c943a3621434b31cc886813

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5k:Rh+ZkldDPK8YaKjk

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks