General

  • Target

    88b242578335c6510b71de310043a02b67c0c1ef08a0a3da8592e26864272677

  • Size

    904KB

  • Sample

    241106-a2lgmavkcq

  • MD5

    41ef807a9927fb23e070f869befd679f

  • SHA1

    04fe4566428103184562189e486df54c9f3011be

  • SHA256

    88b242578335c6510b71de310043a02b67c0c1ef08a0a3da8592e26864272677

  • SHA512

    1358b47900020e1a0863a7421a50b55b5422357d47f742770bb6825f5e57addbbfdbdc2c67db6a63b7cb0110a8ab563863249c5321c597e0da14b4009f081693

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5o:gh+ZkldoPK8YaKGo

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Revengerat family

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
