General

  • Target

    6b5ea50ade8fd94ea3b976cf695af2a7e5073a58f009acf36da25ba7d74d07a3N

  • Size

    952KB

  • Sample

    241001-zn2zwszepn

  • MD5

    793162a4ab2bda8dbdb6e4ff9dd1a320

  • SHA1

    9a6bffd6d6ddcea0876570df7134b8d78a7efae7

  • SHA256

    6b5ea50ade8fd94ea3b976cf695af2a7e5073a58f009acf36da25ba7d74d07a3

  • SHA512

    cc437d202872bed9117956b52c2e01bb551ab93f20c194f7d01f19deaae1075758473e1aa01ca3dd79cad24738550802c4caadd197a0ebd3c1302d73a8759350

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT59:Rh+ZkldDPK8YaKj9

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn
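The extracted configuration above (C2 host and port, mutex) and the hash block under General are the indicators a responder actually hunts with. The following is an added example, not code from the sandbox report: it matches those indicators against constructed JSON-line telemetry shaped like Sysmon event 22 (DNS query), event 3 (network connection) and a hypothetical "MutexCreated" record as an EDR might emit, and it checks a file's digests against the report. The mutex prefix pattern `RV_MUTEX-<random>` is an assumption that generalises the single value above to other builds; the log records and the `update.exe` path are constructed.

```python
import hashlib
import json
import re

# Indicators copied from the report sections above.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX = "RV_MUTEX-PiGGjjtnxDpn"
REPORT_HASHES = {
    "md5": "793162a4ab2bda8dbdb6e4ff9dd1a320",
    "sha1": "9a6bffd6d6ddcea0876570df7134b8d78a7efae7",
    "sha256": "6b5ea50ade8fd94ea3b976cf695af2a7e5073a58f009acf36da25ba7d74d07a3",
}

# RevengeRAT builds name their mutex "RV_MUTEX-<random>"; assumption: matching
# the prefix generalises the exact value above to other builds of the family.
MUTEX_RE = re.compile(r"^RV_MUTEX-[A-Za-z0-9]+$")

# Constructed telemetry (not from the report): JSON lines shaped like Sysmon
# event 22 (DNS query), event 3 (network connection) and a hypothetical
# "MutexCreated" record such as an EDR might emit. Paths are invented.
SAMPLE_LOGS = r"""
{"EventID": 22, "Image": "C:\\Users\\victim\\AppData\\Roaming\\update.exe", "QueryName": "marzorevenger.duckdns.org"}
{"EventID": 3, "Image": "C:\\Users\\victim\\AppData\\Roaming\\update.exe", "DestinationHostname": "marzorevenger.duckdns.org", "DestinationPort": 4230, "Protocol": "tcp"}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationHostname": "example.com", "DestinationPort": 443, "Protocol": "tcp"}
{"EventID": 22, "Image": "C:\\Windows\\System32\\svchost.exe", "QueryName": "update.microsoft.com"}
{"Event": "MutexCreated", "Image": "C:\\Users\\victim\\AppData\\Roaming\\update.exe", "MutexName": "RV_MUTEX-PiGGjjtnxDpn"}
{"Event": "MutexCreated", "Image": "C:\\Program Files\\SomeApp\\app.exe", "MutexName": "Global\\SomeAppMutex"}
"""


def match_record(rec):
    """Return the list of indicator matches for one parsed log record."""
    hits = []
    if rec.get("EventID") == 22:
        if rec.get("QueryName", "").lower() == C2_HOST:
            hits.append("dns-query:c2-domain")
    elif rec.get("EventID") == 3:
        host = rec.get("DestinationHostname", "").lower()
        if host == C2_HOST:
            hits.append("network:c2-host")
        elif host.endswith(".duckdns.org") and rec.get("DestinationPort") == C2_PORT:
            # Weaker signal: same dynamic-DNS provider and port, different name.
            hits.append("network:duckdns-c2-port")
    elif rec.get("Event") == "MutexCreated":
        name = rec.get("MutexName", "")
        if name == MUTEX:
            hits.append("mutex:exact")
        elif MUTEX_RE.match(name):
            hits.append("mutex:revengerat-pattern")
    return hits


def scan(lines):
    """Parse JSON lines (blank lines skipped) and return [(index, hits)] for matches."""
    results = []
    for idx, line in enumerate(line for line in lines if line.strip()):
        hits = match_record(json.loads(line))
        if hits:
            results.append((idx, hits))
    return results


def hashes(data):
    """MD5/SHA1/SHA256 of a byte string, keyed the same way as the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every digest agrees; a partial agreement means a different file."""
    return hashes(data) == REPORT_HASHES


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOGS.splitlines()):
        print(idx, hits)
```

The exact-host and exact-mutex matches are the high-confidence signals; the `.duckdns.org` plus port 4230 rule is deliberately reported under a separate label so an analyst can triage it as a weaker, family-level lead rather than a confirmed sighting of this sample.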

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at logon (persistence).

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state; outside debuggers it is typically used to redirect a suspended process into injected code (process hollowing).
