Overview

overview

10

Static

static

5

8265519cd7...9N.exe

windows7-x64

10

8265519cd7...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8265519cd76da750ddeed693a38d542fca819c9fe92a6c0a210e4479a4ecb669N.exe

  • Size

    952KB

  • Sample

    240924-wx565a1dlb

  • MD5

    f85b07f23518cc4f783d8c06bf6f62d0

  • SHA1

    5843566b482c6ddd8f4c8ef2946c6418098c7e9c

  • SHA256

    8265519cd76da750ddeed693a38d542fca819c9fe92a6c0a210e4479a4ecb669

  • SHA512

    5b8512adae5f80c7d51c3146981ca02b6c844432c8e258f9d85eea2997f7de56b732eb4b3cf91d068db7311cd4e019b803ab771bed7868c74469f5cb7c134f7f

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5T:Rh+ZkldDPK8YaKjT

Score
10/10
revengeratmarzo26discoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      8265519cd76da750ddeed693a38d542fca819c9fe92a6c0a210e4479a4ecb669N.exe

    • Size

      952KB

    • MD5

      f85b07f23518cc4f783d8c06bf6f62d0

    • SHA1

      5843566b482c6ddd8f4c8ef2946c6418098c7e9c

    • SHA256

      8265519cd76da750ddeed693a38d542fca819c9fe92a6c0a210e4479a4ecb669

    • SHA512

      5b8512adae5f80c7d51c3146981ca02b6c844432c8e258f9d85eea2997f7de56b732eb4b3cf91d068db7311cd4e019b803ab771bed7868c74469f5cb7c134f7f

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5T:Rh+ZkldDPK8YaKjT

    Score
    10/10
    revengeratmarzo26discoverytrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks