General

  • Target

    9fdcd3a9c0cb0166f7cb06af5e189d771471a56bcf03d2b8411d21bb278c8033N

  • Size

    904KB

  • Sample

    240930-pesdzsvbpp

  • MD5

    41d44bdb5a0035e5ec5cdd18200aa450

  • SHA1

    f77b1b023caaf682a8d654db063195fc02749d72

  • SHA256

    9fdcd3a9c0cb0166f7cb06af5e189d771471a56bcf03d2b8411d21bb278c8033

  • SHA512

    0ce22d7fd1f38f47c5431e3c54622115555dd3326374866c217248474c8880cd3a777cc5516db60c155b986ecef00c18bcde2d3965f660f1186c86094de6e743

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5c:gh+ZkldoPK8YaKGc

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15