General

  • Target

    75165bfef016a9b973165178cddca25f4d0d2c0aa3c906bdf1a977bba123c8e7N

  • Size

    952KB

  • Sample

    241007-mqj6ms1bln

  • MD5

    cb903271f7100b4e8f97eddc4fe6b4e0

  • SHA1

    bfa084f6e9e279d132614bcdd1b876a8aab6acaf

  • SHA256

    75165bfef016a9b973165178cddca25f4d0d2c0aa3c906bdf1a977bba123c8e7

  • SHA512

    1e4f90db07857186050b957ec52145592c2433609d39cd159b3370167a0c58e63a085f62e93be419189ee74b7bfd6f7892de4b17c35963283ceb9208c215cc7e

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5u:Rh+ZkldDPK8YaKju

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks