General

  • Target

    ea1cd664ad423def9c6829f0a23b35a5b10f35c06c78b34f1fe31a28c5774365N

  • Size

    952KB

  • Sample

    240922-ekfl9s1cpb

  • MD5

    bf3a681895f6d46ab61ee03efece8720

  • SHA1

    063309ef57ca73d993a39ee5cd963a3f188aac23

  • SHA256

    ea1cd664ad423def9c6829f0a23b35a5b10f35c06c78b34f1fe31a28c5774365

  • SHA512

    0c198c3a64d5ed08055428268b6773a6fe1052b6b35f39bcb39271731c79e4ba91edf291308e54bb23e2006749f540d630af5eeea75494ea64bfee5449015a52

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5d:Rh+ZkldDPK8YaKjd

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn
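The extracted configuration above, together with the file hashes under General, is what a responder actually hunts on. The following script is an added example, not part of the sandbox report or of any RevengeRAT tooling: it turns the report's indicators (the digests, the C2 host and port, the mutex) into hunt logic, runs that logic over constructed Sysmon-style DNS and network events and a constructed handle listing, and emits Suricata rules for the C2 name and port. Treating the `RV_MUTEX-` prefix as a family-level indicator is an assumption inferred from this one sample's mutex name; every log line and handle entry below is constructed for the demo.

```python
"""Hunt helpers built from the indicators in the report above.

Added example, not part of the sandbox report. Indicator values are copied from
the report; every log line and handle listing below is constructed for the demo.
"""
import hashlib
import json
import re

# Indicators copied from the report's General and Malware Config sections.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX = "RV_MUTEX-PiGGjjtnxDpn"
# Assumption: RV_MUTEX- is family-level naming, inferred from this sample only.
MUTEX_PREFIX = "RV_MUTEX-"
REPORT_HASHES = {
    "md5": "bf3a681895f6d46ab61ee03efece8720",
    "sha1": "063309ef57ca73d993a39ee5cd963a3f188aac23",
    "sha256": "ea1cd664ad423def9c6829f0a23b35a5b10f35c06c78b34f1fe31a28c5774365",
}

# Constructed Sysmon-style events (ID 22 = DNS query, ID 3 = network connection),
# one JSON object per line, as a SIEM export might look.
SAMPLE_EVENTS = """\
{"EventID": 22, "Image": "C:\\\\Windows\\\\explorer.exe", "QueryName": "www.microsoft.com"}
{"EventID": 22, "Image": "C:\\\\Users\\\\bob\\\\AppData\\\\Roaming\\\\svchost.exe", "QueryName": "marzorevenger.duckdns.org"}
{"EventID": 22, "Image": "C:\\\\Windows\\\\explorer.exe", "QueryName": "MarzoRevenger.DuckDNS.org."}
{"EventID": 3, "Image": "C:\\\\Users\\\\bob\\\\AppData\\\\Roaming\\\\svchost.exe", "DestinationHostname": "marzorevenger.duckdns.org", "DestinationPort": 4230}
{"EventID": 3, "Image": "C:\\\\Program Files\\\\Google\\\\Chrome\\\\chrome.exe", "DestinationHostname": "example.com", "DestinationPort": 443}
"""

# Constructed Sysinternals handle.exe-style listing of a suspect process.
SAMPLE_HANDLES = """\
  1C4: Mutant        \\Sessions\\1\\BaseNamedObjects\\RV_MUTEX-PiGGjjtnxDpn
  1D0: Mutant        \\Sessions\\1\\BaseNamedObjects\\RV_MUTEX-abcd1234
  1E8: Mutant        \\BaseNamedObjects\\SM0:1234:304:WilStaging_02
  1F0: File          \\Device\\HarddiskVolume2\\Windows\\System32
"""


def norm_host(name):
    """DNS names are case-insensitive and may carry a trailing dot; normalise both."""
    return name.strip().lower().rstrip(".")


def hunt_events(log_text):
    """Return (event, reason) for every event that matches the C2 indicators."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") == 22 and norm_host(ev.get("QueryName", "")) == C2_HOST:
            hits.append((ev, "DNS query for C2 host"))
        elif (ev.get("EventID") == 3 and ev.get("DestinationPort") == C2_PORT
              and norm_host(ev.get("DestinationHostname", "")) == C2_HOST):
            hits.append((ev, "TCP connection to C2 host:port"))
    return hits


MUTANT_RE = re.compile(r"^\s*[0-9A-F]+:\s+Mutant\s+(\S+)", re.IGNORECASE)


def find_mutexes(handle_listing):
    """Map matching mutex names to 'sample' (exact) or 'family' (prefix) confidence."""
    found = {}
    for line in handle_listing.splitlines():
        m = MUTANT_RE.match(line)
        if not m:
            continue
        name = m.group(1).rsplit("\\", 1)[-1]   # drop the object-manager path
        if name == MUTEX:
            found[name] = "sample"
        elif name.startswith(MUTEX_PREFIX):
            found[name] = "family"
    return found


def file_hashes(data):
    """Compute the digests the report lists so a local file can be checked against it."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data):
    """True only if every digest in REPORT_HASHES agrees with the given bytes."""
    h = file_hashes(data)
    return all(h[alg] == val for alg, val in REPORT_HASHES.items())


def suricata_rules(sid_base=9000001):
    """Suricata 5+ rules for the C2 name and port (the port rule is a noisy hunting rule)."""
    dns = (f'alert dns any any -> any any (msg:"RevengeRAT C2 DNS query {C2_HOST}"; '
           f'dns.query; content:"{C2_HOST}"; nocase; sid:{sid_base}; rev:1;)')
    tcp = (f'alert tcp $HOME_NET any -> $EXTERNAL_NET {C2_PORT} '
           f'(msg:"RevengeRAT C2 port {C2_PORT}"; flow:to_server,established; '
           f'sid:{sid_base + 1}; rev:1;)')
    return [dns, tcp]


if __name__ == "__main__":
    for ev, why in hunt_events(SAMPLE_EVENTS):
        print(f"{why}: {ev['Image']}")
    print(find_mutexes(SAMPLE_HANDLES))
    print("\n".join(suricata_rules()))
```

Because marzorevenger.duckdns.org is a dynamic-DNS name, whatever IP it resolved to during the sandbox run is not a durable indicator; the hostname, the port and the mutex are, which is why the matching above keys on those and normalises case and trailing dots before comparing. The port-only TCP rule will fire on any outbound TCP/4230, so treat it as a hunting query to pivot from rather than an alerting rule.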

Targets

    • Target

      ea1cd664ad423def9c6829f0a23b35a5b10f35c06c78b34f1fe31a28c5774365N (952KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    • RevengeRAT

      Remote-access trojan (.NET) with a wide range of capabilities: remote shell, file management, process control, keylogging and screen capture. The configuration extracted from this sample (botnet ID Marzo26, C2 marzorevenger.duckdns.org:4230, mutex RV_MUTEX-PiGGjjtnxDpn) is listed under Malware Config above. The C2 is a DuckDNS dynamic-DNS name, so the IP it resolved to in this run is not a stable indicator; hunt on the hostname, the port and the mutex instead.

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at every user logon, a common persistence mechanism.

    • AutoIT Executable

      AutoIt scripts compiled to PE executables. The sample itself is such a binary, so the RevengeRAT payload and the injection logic live in the compiled script rather than in a plain .NET assembly; decompiling the AutoIt script is the usual way to recover them for analysis.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing and related injection: the loader starts a process suspended, writes the payload into it, points the thread's entry at the payload with SetThreadContext, then resumes it. Combined with the AutoIt wrapper, this is consistent with an AutoIt loader injecting the RevengeRAT payload into another process.

MITRE ATT&CK Enterprise v15

Tasks