General

  • Target

    768acad0260a02ec7e5c4f33542db412aeecf1e7a49471192a2f440923819ff8

  • Size

    952KB

  • Sample

    250109-cyr64strds

  • MD5

    c769c5410e0227275c1aeefd10c85b71

  • SHA1

    34f90dc7dbdaab0f0efc920a3d6bee405944e4ce

  • SHA256

    768acad0260a02ec7e5c4f33542db412aeecf1e7a49471192a2f440923819ff8

  • SHA512

    bf326443dabb037dfc86a1891d04f408e1bd1e4a020d4ea182348c3f1b79314bd8fd90b5d4fbe265ca2fccdaf8cbc436927ac633abfe7212763150018d6186e4

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5G:Rh+ZkldDPK8YaKjG

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Revengerat family

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
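The extracted configuration and the signatures above can be turned directly into telemetry checks. The script below is an added example, not code from this report or from the sandbox: it parses the Malware Config block as printed here, derives indicators (C2 host and port, mutex, sample SHA256), runs them over a few constructed key=value telemetry lines, and checks a byte buffer for the compiled-AutoIt script magic ("AU3!EA06" behind its 16-byte header). The log lines, the host names and the AutoIt stub bytes are constructed; the `RV_MUTEX-` prefix match is an assumption that other builds keep the same prefix, so it is scored lower than the exact mutex from the report.

```python
"""Checks derived from the extracted RevengeRAT config, run over telemetry.

Added example; not the report's or the sandbox's own code. IOC values are
copied from the report, everything else (telemetry, stub bytes) is constructed.
"""

# Values copied verbatim from the report's Malware Config / General sections.
CONFIG_TEXT = """\
Family
revengerat
Botnet
Marzo26
C2
marzorevenger.duckdns.org:4230
Mutex
RV_MUTEX-PiGGjjtnxDpn
"""
SAMPLE_SHA256 = "768acad0260a02ec7e5c4f33542db412aeecf1e7a49471192a2f440923819ff8"

# Compiled AutoIt v3 scripts embed this 16-byte magic followed by "AU3!EA06".
AUTOIT_MAGIC = bytes.fromhex("a3484bbe986c4aa9994c530a86d6487d") + b"AU3!EA06"

# Constructed telemetry (not from the report): "<ts> host=<h> type=<t> key=value".
TELEMETRY = [
    "2025-01-09T13:01:02Z host=WS-07 type=dns query=MarzoRevenger.duckdns.org.",
    "2025-01-09T13:01:03Z host=WS-07 type=mutex name=\\Sessions\\1\\BaseNamedObjects\\RV_MUTEX-PiGGjjtnxDpn",
    "2025-01-09T13:01:04Z host=WS-07 type=file sha256=768ACAD0260A02EC7E5C4F33542DB412AEECF1E7A49471192A2F440923819FF8",
    "2025-01-09T13:02:10Z host=WS-12 type=net dst=10.0.0.5:4230",
    "2025-01-09T13:05:00Z host=WS-12 type=dns query=updates.duckdns.org",
    "2025-01-09T13:06:00Z host=WS-12 type=mutex name=\\BaseNamedObjects\\RV_MUTEX-OtherBuild",
]


def parse_config(text):
    """Parse the alternating 'Key' / 'Value' lines the report prints into a dict."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return {k.lower(): v for k, v in zip(lines[0::2], lines[1::2])}


def indicators(cfg, sha256):
    """Split 'host:port' and normalise everything we will compare against."""
    host, _, port = cfg["c2"].rpartition(":")
    return {"host": host.lower(), "port": int(port),
            "mutex": cfg["mutex"], "sha256": sha256.lower()}


def parse_line(line):
    """Turn one constructed telemetry line into a dict of its fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split(" "))
    fields["ts"] = ts
    return fields


def match_telemetry(lines, ioc):
    """Return (ts, host, confidence, reason) for every line that hits an indicator."""
    hits = []
    for line in lines:
        f = parse_line(line)
        t = f.get("type")
        if t == "dns":
            # Trailing dot and case differ between resolvers; normalise before comparing.
            if f["query"].rstrip(".").lower() == ioc["host"]:
                hits.append((f["ts"], f["host"], "high", "dns:" + ioc["host"]))
        elif t == "mutex":
            name = f["name"].rsplit("\\", 1)[-1]   # drop the object-namespace path
            if name == ioc["mutex"]:
                hits.append((f["ts"], f["host"], "high", "mutex:" + name))
            elif name.startswith("RV_MUTEX-"):
                # Assumption: other RevengeRAT builds keep the prefix; lower confidence.
                hits.append((f["ts"], f["host"], "medium", "mutex-prefix:" + name))
        elif t == "file":
            if f["sha256"].lower() == ioc["sha256"]:
                hits.append((f["ts"], f["host"], "high", "sha256"))
        elif t == "net":
            # A bare destination port is weak on its own (the duckdns IP changes), so score low.
            if f["dst"].endswith(":" + str(ioc["port"])):
                hits.append((f["ts"], f["host"], "low", "port:" + str(ioc["port"])))
    return hits


def is_autoit_compiled(data):
    """True for a PE image that carries the compiled-AutoIt script header."""
    return data.startswith(b"MZ") and AUTOIT_MAGIC in data


def demo_hits():
    """Run the report's indicators over the constructed telemetry."""
    return match_telemetry(TELEMETRY, indicators(parse_config(CONFIG_TEXT), SAMPLE_SHA256))


if __name__ == "__main__":
    for hit in demo_hits():
        print(hit)
    stub = b"MZ" + b"\x00" * 62 + AUTOIT_MAGIC + b"<script bytes>"   # constructed stub
    print("autoit compiled:", is_autoit_compiled(stub))
```

The DNS match is kept exact rather than a suffix match on `duckdns.org`, because the dynamic-DNS provider is shared by unrelated hosts; the port-only rule is retained but scored low for the same reason.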

MITRE ATT&CK Enterprise v15

Tasks