General

  • Target

    4c2e84b1175e70bfa678a7e8dd58489ad32a96eb7fef4ccd6c688093005498f1N

  • Size

    904KB

  • Sample

    241010-kdpjgssbnc

  • MD5

    473c056f238423fe5e6a8d6e9a3388b0

  • SHA1

    cf3e80987292ab3856d06481d51c3a11108feeed

  • SHA256

    4c2e84b1175e70bfa678a7e8dd58489ad32a96eb7fef4ccd6c688093005498f1

  • SHA512

    91248d1f3e90efa7cd0f89a33133f80244e5f39df7cd5e40ae77abe04c92c0bc645a2a173e5bddf435333b952e7a52aee2fa7836915d503f89dbf85cdeb3fd9f

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5d:gh+ZkldoPK8YaKGd

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      4c2e84b1175e70bfa678a7e8dd58489ad32a96eb7fef4ccd6c688093005498f1N

    • Size

      904KB

    • MD5

      473c056f238423fe5e6a8d6e9a3388b0

    • SHA1

      cf3e80987292ab3856d06481d51c3a11108feeed

    • SHA256

      4c2e84b1175e70bfa678a7e8dd58489ad32a96eb7fef4ccd6c688093005498f1

    • SHA512

      91248d1f3e90efa7cd0f89a33133f80244e5f39df7cd5e40ae77abe04c92c0bc645a2a173e5bddf435333b952e7a52aee2fa7836915d503f89dbf85cdeb3fd9f

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5d:gh+ZkldoPK8YaKGd

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks