General

  • Target

    a9bacadadaf4fcd9582eb3f30ab9ba6f14335dd00babeae775a7cd7985cd8933N.exe

  • Size

    952KB

  • Sample

    241205-y37m9awram

  • MD5

    1f847ff9ae31620a8aed7e5773064d20

  • SHA1

    11701c15b77339930a37cde6bb3d6e9ef588af0d

  • SHA256

    a9bacadadaf4fcd9582eb3f30ab9ba6f14335dd00babeae775a7cd7985cd8933

  • SHA512

    99225d4151df16dca9cdd10ea47846a0da664e20e85f414d21de5842b0ee011bc1f0142c910c8432220771408002d3e42ec0f0f07ff1d52b62b036eebb9b2756

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5w:Rh+ZkldDPK8YaKjw

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Revengerat family

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
