General

  • Target

    62d32f37fc9ffab13b28e10185a1b1f678ba6a1c7a14c04e7f3ad0edcecdcf55N

  • Size

    952KB

  • Sample

    241012-1pyjjatalc

  • MD5

    14c711e55c340da01367cdb9e95a7140

  • SHA1

    ddbf02bf9ed1a1e8aa677e9a1c712e148f031fb5

  • SHA256

    62d32f37fc9ffab13b28e10185a1b1f678ba6a1c7a14c04e7f3ad0edcecdcf55

  • SHA512

    68fee9b3ba51041c69d070fc4df902a0607fa959e75515bc0d18dc8497255bb3ff5c58807b1cbb17aab46d4e86c7ccc7f7e9614f5b2ea5807ea473759942dfe7

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5e:Rh+ZkldDPK8YaKje

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      62d32f37fc9ffab13b28e10185a1b1f678ba6a1c7a14c04e7f3ad0edcecdcf55N

    • Size

      952KB

    • MD5

      14c711e55c340da01367cdb9e95a7140

    • SHA1

      ddbf02bf9ed1a1e8aa677e9a1c712e148f031fb5

    • SHA256

      62d32f37fc9ffab13b28e10185a1b1f678ba6a1c7a14c04e7f3ad0edcecdcf55

    • SHA512

      68fee9b3ba51041c69d070fc4df902a0607fa959e75515bc0d18dc8497255bb3ff5c58807b1cbb17aab46d4e86c7ccc7f7e9614f5b2ea5807ea473759942dfe7

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5e:Rh+ZkldDPK8YaKje

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks