General

  • Target: f8447fcd767b276c64af4781969c8fd1c88e33466a5f7a9c8eb80e573019f4a4N
  • Size: 952KB
  • Sample: 241003-elvskstdll
  • MD5: dad55aa58961f1bf62f095ff7c0c8f40
  • SHA1: af0335c1dd87a8af2b88321f80e1089110c49a75
  • SHA256: f8447fcd767b276c64af4781969c8fd1c88e33466a5f7a9c8eb80e573019f4a4
  • SHA512: 6c06a7160ea1af84c2e24ff28e4d26e1c00857c37cd94c3c778c779698c2442b855a047cd8a320b7ea4132058756ca6bfe0de7575b19536ef46e6e5ae10f96ea
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5J:Rh+ZkldDPK8YaKjJ

Malware Config

Extracted

Family: revengerat
Botnet: Marzo26
C2: marzorevenger.duckdns.org:4230
Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: f8447fcd767b276c64af4781969c8fd1c88e33466a5f7a9c8eb80e573019f4a4N
    • Size: 952KB


    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15