General

  • Target

    a05a2db6718859e2b143f6d117c9c33cd6a3a93c322f61fe00e9d7e544137969

  • Size

    904KB

  • Sample

    241007-aszynaydlc

  • MD5

    1836a1700cb3056d3dea79b8d29af244

  • SHA1

    e5e838fcbbfe41c08512516e17c40e63b43c2f70

  • SHA256

    a05a2db6718859e2b143f6d117c9c33cd6a3a93c322f61fe00e9d7e544137969

  • SHA512

    c2c450236288114e9fc8cd67a4db9744889ddffe171c124fb89aaf5df22362648061176af12879d0d10286a69a953e79553cea2eb1b4507df1656f7f1931c5e7

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5o:gh+ZkldoPK8YaKGo

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      a05a2db6718859e2b143f6d117c9c33cd6a3a93c322f61fe00e9d7e544137969

    • Size

      904KB

    • MD5

      1836a1700cb3056d3dea79b8d29af244

    • SHA1

      e5e838fcbbfe41c08512516e17c40e63b43c2f70

    • SHA256

      a05a2db6718859e2b143f6d117c9c33cd6a3a93c322f61fe00e9d7e544137969

    • SHA512

      c2c450236288114e9fc8cd67a4db9744889ddffe171c124fb89aaf5df22362648061176af12879d0d10286a69a953e79553cea2eb1b4507df1656f7f1931c5e7

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5o:gh+ZkldoPK8YaKGo

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks