General

  • Target

    a6a6f8c679640369885b8ba466d7106d225493b44e2b4143731affcf748e1dceN

  • Size

    952KB

  • Sample

    240927-y8jtdaxhkm

  • MD5

    bff2eb49bb8366e43ff6b715f59531d0

  • SHA1

    51097d5c1beecf392805cf87fca69be421a9828c

  • SHA256

    a6a6f8c679640369885b8ba466d7106d225493b44e2b4143731affcf748e1dce

  • SHA512

    b48cfa69ee9c75f2d4a81ceca2bf4905656b1c34dba42e1a8f21562635ec90a0ea111cee37394ef1397c6dd568d2950ed1513965089cce8530d3bd97b40abc21

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5G:Rh+ZkldDPK8YaKjG

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      a6a6f8c679640369885b8ba466d7106d225493b44e2b4143731affcf748e1dceN

    • Size

      952KB

    • MD5

      bff2eb49bb8366e43ff6b715f59531d0

    • SHA1

      51097d5c1beecf392805cf87fca69be421a9828c

    • SHA256

      a6a6f8c679640369885b8ba466d7106d225493b44e2b4143731affcf748e1dce

    • SHA512

      b48cfa69ee9c75f2d4a81ceca2bf4905656b1c34dba42e1a8f21562635ec90a0ea111cee37394ef1397c6dd568d2950ed1513965089cce8530d3bd97b40abc21

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5G:Rh+ZkldDPK8YaKjG

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks