General

  • Target

    Trojan.Win32.Nanocore.NE.MTB-728740f38287f3b9aa634987bcdd60c62cc743afb119a7f5166d057a9c9277deN

  • Size

    952KB

  • Sample

    240916-p592qaycqg

  • MD5

    071db015daf3af6847cc5ed4a6754700

  • SHA1

    c108d0164f901f272e92d3b86a0b572b9028348d

  • SHA256

    728740f38287f3b9aa634987bcdd60c62cc743afb119a7f5166d057a9c9277de

  • SHA512

    597c828645b07aab730b8bb7790a199579af617173c40300626571300d7de042604cf5eb3e7a14f5ec131c8a1d7a012865e52b6d347061fc5eabca500a9288e8

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5P:Rh+ZkldDPK8YaKjP

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      Trojan.Win32.Nanocore.NE.MTB-728740f38287f3b9aa634987bcdd60c62cc743afb119a7f5166d057a9c9277deN

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks