General

  • Target

    6767d10d519509759db2cfa22d792de169426433769feb73e545db4b645dc439N

  • Size

    952KB

  • Sample

    240928-cyaxtsvcnc

  • MD5

    02d2c710e3ad4e764ba293ae7d9094a0

  • SHA1

    ab900be68aa035948e38bf1b9837989a55b3cc7e

  • SHA256

    6767d10d519509759db2cfa22d792de169426433769feb73e545db4b645dc439

  • SHA512

    c3e412e1d52d93a042aa3294366fa73e761cd4c6cc0470ab3e320937b4c305c7771ea866dbe9025d85d4fc71323d63bded9f68c9dacc7ffcf8fe4553b88364cb

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5P:Rh+ZkldDPK8YaKjP

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
