General

  • Target

    718e66ba31de19b40ca3be1c1513e9b5d87d83182bf54ef5e3ef27079915d26fN.exe

  • Size

    905KB

  • Sample

    241218-27fxwaxjfn

  • MD5

    820de4751ab52a3957de065b2a8fd6b0

  • SHA1

    493ecdad6921be66799d57bd4d262b3a45c97716

  • SHA256

    718e66ba31de19b40ca3be1c1513e9b5d87d83182bf54ef5e3ef27079915d26f

  • SHA512

    9925fbdd1f34fb4938ec7af3fb53f699a06ee9c455800e7376caae7550fe77a14945b7b3ee8899b7239473feb037f1f2454e88ecf7d1006aa991dde69241351c

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5u:gh+ZkldoPK8YaKGu

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      718e66ba31de19b40ca3be1c1513e9b5d87d83182bf54ef5e3ef27079915d26fN.exe

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Revengerat family

    • Drops startup file

    • Suspicious use of SetThreadContext
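The extracted config and the signatures above are only useful once they are turned into checks. The following Python is an added example written for this page, not part of the sandbox report and not RevengeRAT code: it takes the hashes, C2 host and port, and mutex name from the report and scans Sysmon-style telemetry for them (ProcessCreate hashes, DNS queries, network connections, file drops into the Startup folder). The event records are constructed for the example, the `mutex` event is a hypothetical EDR record (Sysmon has no mutex event), and the image path `invoice.exe`, the user name `victim`, and the 203.0.113.10 address are assumptions. The SetThreadContext signature is not covered because no standard Sysmon event reports it.

```python
import re

# IOCs copied from the extracted config and hash block of this report.
IOC = {
    "md5": "820de4751ab52a3957de065b2a8fd6b0",
    "sha1": "493ecdad6921be66799d57bd4d262b3a45c97716",
    "sha256": "718e66ba31de19b40ca3be1c1513e9b5d87d83182bf54ef5e3ef27079915d26f",
    "c2_host": "marzorevenger.duckdns.org",
    "c2_port": 4230,
    "mutex": "RV_MUTEX-PiGGjjtnxDpn",
}

# The per-user Startup folder, the usual location behind a "Drops startup file" signature.
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)


def parse_hashes(field: str) -> dict:
    """Sysmon 'Hashes' field ('MD5=...,SHA256=...') -> {'md5': '...', 'sha256': '...'} (lower-cased)."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def check_event(ev: dict) -> list:
    """Return the IOC hits for one event (empty list when nothing matches)."""
    hits = []
    eid = ev.get("event_id")
    if eid == 1:  # ProcessCreate: one matching hash is enough, strongest first
        hashes = parse_hashes(ev.get("hashes", ""))
        for algo in ("sha256", "sha1", "md5"):
            if hashes.get(algo) == IOC[algo]:
                hits.append(f"hash:{algo}:{ev.get('image')}")
                break
    elif eid == 22:  # DNSEvent: the dynamic-DNS name is the stable indicator
        if ev.get("query_name", "").lower() == IOC["c2_host"]:
            hits.append(f"dns:{IOC['c2_host']}")
    elif eid == 3:  # NetworkConnect: match on hostname, flag the configured port separately
        host = ev.get("dest_host", "").lower()
        if host == IOC["c2_host"]:
            port = ev.get("dest_port")
            tag = "c2" if port == IOC["c2_port"] else "c2-other-port"
            hits.append(f"{tag}:{host}:{port}")
    elif eid == 11:  # FileCreate: persistence via the Startup folder
        target = ev.get("target_filename", "")
        if STARTUP_RE.search(target):
            hits.append(f"startup_drop:{target}")
    elif eid == "mutex":  # hypothetical EDR mutex-creation record, not a Sysmon event ID
        if ev.get("name") == IOC["mutex"]:
            hits.append(f"mutex:{IOC['mutex']}")
    return hits


def scan(events: list) -> list:
    """Run every event through check_event and flatten the hits."""
    return [hit for ev in events for hit in check_event(ev)]


# Constructed telemetry for the example; not real data. Sysmon writes hashes upper-case.
SAMPLE_EVENTS = [
    {"event_id": 1, "image": r"C:\Users\victim\Downloads\invoice.exe",
     "hashes": "MD5=820DE4751AB52A3957DE065B2A8FD6B0,"
               "SHA256=718E66BA31DE19B40CA3BE1C1513E9B5D87D83182BF54EF5E3EF27079915D26F"},
    {"event_id": 22, "query_name": "marzorevenger.duckdns.org"},
    {"event_id": 3, "dest_host": "marzorevenger.duckdns.org", "dest_ip": "203.0.113.10", "dest_port": 4230},
    {"event_id": 11, "target_filename":
        r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"},
    {"event_id": 3, "dest_host": "www.example.com", "dest_port": 443},  # benign, must not match
    {"event_id": "mutex", "name": "RV_MUTEX-PiGGjjtnxDpn"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The C2 is a DuckDNS dynamic-DNS name, so the resolved address can change between runs; match on the hostname (DNS query or connection name) rather than on an IP, and pivot through passive DNS if you need historical addresses. The mutex suffix is specific to this build's config, so treat it as a sample-level indicator rather than a family-wide one.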

MITRE ATT&CK Enterprise v15

Tasks