General

  • Target: 596ded165c0783e369ddb858783aafc8f011ebf47d36d3844a02416f4544e474N.exe
  • Size: 904KB
  • Sample: 241203-vkrmjavjcz
  • MD5: bb9ebd0e2131507797c367ff58354a30
  • SHA1: be551068a23e99d455f36df5c7da821c03f502ab
  • SHA256: 596ded165c0783e369ddb858783aafc8f011ebf47d36d3844a02416f4544e474
  • SHA512: 5e334d8c98950b62e9ba49aa35c9cbb49c756607b8908993f911fc8c86b0f4ce625fdbd46777dc8e8f5fffcf7bc17e9e98c3fd8e5c06fe340f4c67a9d158df64
  • SSDEEP: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5U:gh+ZkldoPK8YaKGU

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: 596ded165c0783e369ddb858783aafc8f011ebf47d36d3844a02416f4544e474N.exe
    • Size: 904KB
    • MD5: bb9ebd0e2131507797c367ff58354a30
    • SHA1: be551068a23e99d455f36df5c7da821c03f502ab
    • SHA256: 596ded165c0783e369ddb858783aafc8f011ebf47d36d3844a02416f4544e474
    • SHA512: 5e334d8c98950b62e9ba49aa35c9cbb49c756607b8908993f911fc8c86b0f4ce625fdbd46777dc8e8f5fffcf7bc17e9e98c3fd8e5c06fe340f4c67a9d158df64
    • SSDEEP: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5U:gh+ZkldoPK8YaKGU
    • RevengeRAT: Remote-access trojan with a wide range of capabilities.

    • Revengerat family

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15