General

  • Target: 15a42b264822b4978ae98abcb4a7f2ba5a3f9e1c0aa9f3167208f661bccb9e9e.exe
  • Size: 904KB
  • Sample: 241203-gqn7psyndr
  • MD5: 93aef7f781d5cd3271da2cbd99c32e4e
  • SHA1: 3e8f43412cfa70289189f833614b78d4d1a6b86c
  • SHA256: 15a42b264822b4978ae98abcb4a7f2ba5a3f9e1c0aa9f3167208f661bccb9e9e
  • SHA512: 194e7b9d8d3bdfdb6055dee246b9a0cd75dbf32b7e07c72ab2666bc4000af0f29c6871a9771d86b49474df0ebd6ed23b9144dbb0df8aa8d080ffe41ac1600ff2
  • SSDEEP: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5i:gh+ZkldoPK8YaKGi

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Revengerat family

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks