General

  • Target

    127c053fcbc5caa8f95c8f0421d8a3473510aa287f6e884500126d8307d347baN.exe

  • Size

    905KB

  • Sample

    250110-1lsh4synh1

  • MD5

    8747a301979dd328a70fb67dee2211c0

  • SHA1

    557e3eba4c814efe41b371926a96e0dd7b9362c4

  • SHA256

    127c053fcbc5caa8f95c8f0421d8a3473510aa287f6e884500126d8307d347ba

  • SHA512

    573f740f11eb2312ad8e61021a92a94f9e518d750a0ee1d244eba666ece9b2c0c6ce58441a09071bd7bf632ffb85cdd3b87f0496d48b6a9175de04bfa2642dac

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5K:gh+ZkldoPK8YaKGK

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn
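The extracted config above is the part of this report a responder actually pivots on: the dynamic-DNS C2 name, the TCP port, the botnet ID and the mutex. The following Python is an added example (not part of the sandbox report and not RevengeRAT's own code) that turns those values into checks: it splits the C2 entry, hunts a DNS log for the C2 name (the host, not the IP, since duckdns.org addresses change), emits a YARA rule from the strings, compares a file's digests against every hash in the report, and, on Windows only, probes for the mutex with OpenMutexW. The log lines, the `RV_MUTEX-` prefix used as a broader string, and the log format are constructed assumptions for the demonstration.

```python
"""Checks derived from the RevengeRAT config in the report above (added example)."""
import ctypes
import hashlib
import re
import sys
from typing import Iterable

# Values copied verbatim from the report's "Malware Config" and "General" sections.
CONFIG = {
    "family": "revengerat",
    "botnet": "Marzo26",
    "c2": "marzorevenger.duckdns.org:4230",
    "mutex": "RV_MUTEX-PiGGjjtnxDpn",
}
KNOWN_HASHES = {
    "md5": "8747a301979dd328a70fb67dee2211c0",
    "sha1": "557e3eba4c814efe41b371926a96e0dd7b9362c4",
    "sha256": "127c053fcbc5caa8f95c8f0421d8a3473510aa287f6e884500126d8307d347ba",
    "sha512": "573f740f11eb2312ad8e61021a92a94f9e518d750a0ee1d244eba666ece9b2c0c6ce584"
              "41a09071bd7bf632ffb85cdd3b87f0496d48b6a9175de04bfa2642dac",
}

# Constructed DNS log lines for the demo; format (client=... query=...) is an assumption.
SAMPLE_DNS_LOG = [
    "2025-01-10T13:02:11Z client=10.0.0.5 query=marzorevenger.duckdns.org type=A",
    "2025-01-10T13:02:12Z client=10.0.0.5 query=update.microsoft.com type=A",
    "2025-01-10T13:05:40Z client=10.0.0.9 query=MARZOREVENGER.DUCKDNS.ORG. type=A",
    "2025-01-10T13:06:00Z client=10.0.0.9 query=duckdns.org type=A",
]


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the report's 'host:port' entry; lower-case the host for comparisons."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {c2!r}")
    return host.lower(), int(port)


def hunt_dns(lines: Iterable[str], c2_host: str) -> list[str]:
    """Return lines whose queried name is the C2 host or a subdomain of it.
    The bare parent zone (duckdns.org) is deliberately not a hit."""
    query = re.compile(r"\bquery=([A-Za-z0-9.-]+)")
    hits = []
    for line in lines:
        m = query.search(line)
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")  # tolerate trailing dot and mixed case
        if name == c2_host or name.endswith("." + c2_host):
            hits.append(line)
    return hits


def file_hashes(data: bytes) -> dict[str, str]:
    """All four digests the report lists, so a match can be checked on every one."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_known_sample(data: bytes, known: dict[str, str] = KNOWN_HASHES) -> bool:
    """True only when every listed digest agrees; an MD5-only hit is not treated as a match."""
    digests = file_hashes(data)
    return all(digests[alg] == value for alg, value in known.items())


def yara_rule(config: dict[str, str], name: str = "revengerat_marzo26_config") -> str:
    """Build a YARA rule from the config strings. 'wide' matters: the RAT is .NET, so
    strings in memory are UTF-16. The RV_MUTEX- prefix is an assumed broader indicator."""
    c2_host, _ = parse_c2(config["c2"])
    return "\n".join([
        f"rule {name}",
        "{",
        "    strings:",
        f'        $mutex  = "{config["mutex"]}" ascii wide',
        f'        $c2     = "{c2_host}" ascii wide nocase',
        '        $prefix = "RV_MUTEX-" ascii wide',
        "    condition:",
        "        $mutex or $c2 or $prefix",
        "}",
    ])


def mutex_present(name: str) -> bool:
    """Windows only: OpenMutexW succeeds if a mutex of that name exists in the caller's
    namespace (prefix 'Global\\' to look session-wide). Returns False elsewhere."""
    if sys.platform != "win32":
        return False
    k32 = ctypes.windll.kernel32
    SYNCHRONIZE = 0x00100000
    handle = k32.OpenMutexW(SYNCHRONIZE, False, name)
    if handle:
        k32.CloseHandle(handle)
        return True
    return False


if __name__ == "__main__":
    host, port = parse_c2(CONFIG["c2"])
    print(f"C2: {host} tcp/{port}  botnet={CONFIG['botnet']}")
    for hit in hunt_dns(SAMPLE_DNS_LOG, host):
        print("DNS hit:", hit)
    print("mutex present on this host:", mutex_present(CONFIG["mutex"]))
    print(yara_rule(CONFIG))
```

The DNS check is the durable one: the sample's IP at analysis time is not in the report and a duckdns.org name can move to a new address at any time, so hunt on the name (and on port 4230 connections from hosts that resolved it), not on an IP. The YARA `$prefix` string on its own will fire on memory of any RevengeRAT build, so treat it as a triage hit, not a confirmation of this Marzo26 botnet.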

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities (remote shell, file and process control, keylogging, screen and webcam capture).

    • Revengerat family

      The sandbox's RevengeRAT family signature matched and the configuration was extracted; the C2 name, port, botnet ID and mutex above are the indicators to pivot on.

    • Drops startup file

      Persistence: a file was written to a startup location so the payload runs again at logon.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the usual sign of process hollowing / RunPE-style injection: a process is started suspended, the payload is written into it, the thread's entry point is redirected and the thread is resumed. The RAT's network and persistence activity will therefore most likely appear under a process other than the 905KB dropper.

MITRE ATT&CK Enterprise v15

Tasks