General

  • Target

    4dbe21ec0fe1443ffd0279e18a34e3e52de6a80fb8de7dab429c8c5756011feeN.exe

  • Size

    905KB

  • Sample

    250124-qcfg3szkhs

  • MD5

    b72c87e283c4ee09d7300cf45f40b960

  • SHA1

    95ca7087e6e25ae0d3b74ebe083efbc489047022

  • SHA256

    4dbe21ec0fe1443ffd0279e18a34e3e52de6a80fb8de7dab429c8c5756011fee

  • SHA512

    a03a6648dce32843009423aa8a3c42056a56a4b9418f3b5dfebf50093312b9f16f8e285d7d04861712efa35c83418b55cbe63ad7b3a384af2042756b471ee2d1

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5S:gh+ZkldoPK8YaKGS

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      4dbe21ec0fe1443ffd0279e18a34e3e52de6a80fb8de7dab429c8c5756011feeN.exe

    • RevengeRAT

      Remote-access trojan written in .NET with a wide range of capabilities (remote shell, file and process management, keylogging, screen capture). The botnet ID, C2 host:port and RV_MUTEX-prefixed mutex in the Malware Config section above are its standard extracted configuration fields.

    • Revengerat family

    • Drops startup file

      Writes a file into a Startup folder so the payload is relaunched at every logon; check both the per-user and the all-users Startup directories when cleaning up.

    • Suspicious use of SetThreadContext

      Setting another thread's context from a different process is the hallmark of process hollowing (RunPE): a legitimate process is started suspended, its image is replaced with the payload, and SetThreadContext redirects the entry point. Expect the RAT to be running inside a process whose on-disk image is benign.
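
The extracted configuration above (C2 host:port, mutex) together with the file hashes is the material an analyst turns into hunting logic. The following script is an added example, not code from tria.ge or from the sample: it matches those indicators against host and network telemetry. The telemetry lines are constructed for the example (image paths, PIDs and IP addresses are invented) and loosely follow Sysmon event 22 (DNS query), event 3 (network connection), event 1 (process create) and a Volatility handles row, flattened to a `source|Key=Value` form. Because marzorevenger.duckdns.org is a dynamic-DNS name, the script matches on the hostname and ties later connections back to whatever the name resolved to, instead of hard-coding an IP.

```python
"""Match the indicators tria.ge extracted above (C2 host:port, mutex, file
hashes) against host and network telemetry.

Added example, not tria.ge's code and not code from the sample.  The telemetry
lines are constructed for this example; they loosely follow Sysmon event 22
(DNS query), event 3 (network connection), event 1 (process create) and a
Volatility `handles` row, flattened to "<source>|Key=Value|Key=Value".
"""

# Indicators copied from the report.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230
MUTEX = "RV_MUTEX-PiGGjjtnxDpn"
KNOWN_HASHES = {
    "MD5": "b72c87e283c4ee09d7300cf45f40b960",
    "SHA1": "95ca7087e6e25ae0d3b74ebe083efbc489047022",
    "SHA256": "4dbe21ec0fe1443ffd0279e18a34e3e52de6a80fb8de7dab429c8c5756011fee",
}

# Constructed telemetry (image names, PIDs and IPs are invented).
SAMPLE_LOGS = [
    "sysmon22|Image=C:\\Users\\bob\\AppData\\Roaming\\svchost.exe|QueryName=marzorevenger.duckdns.org|QueryResults=::ffff:203.0.113.7;",
    "sysmon3|Image=C:\\Users\\bob\\AppData\\Roaming\\svchost.exe|DestinationIp=203.0.113.7|DestinationPort=4230|Protocol=tcp",
    "sysmon3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|DestinationIp=93.184.216.34|DestinationPort=443|Protocol=tcp",
    "sysmon22|Image=C:\\Windows\\System32\\svchost.exe|QueryName=ctldl.windowsupdate.com|QueryResults=::ffff:13.107.4.50;",
    "sysmon1|Image=C:\\Users\\bob\\Downloads\\invoice.exe|Hashes=MD5=B72C87E283C4EE09D7300CF45F40B960,SHA256=4DBE21EC0FE1443FFD0279E18A34E3E52DE6A80FB8DE7DAB429C8C5756011FEE",
    "volatility_handles|PID=4212|Type=Mutant|Name=RV_MUTEX-PiGGjjtnxDpn",
    "volatility_handles|PID=612|Type=Mutant|Name=SM0:612:304:WilStaging_02",
]


def parse(line):
    """Split '<source>|k=v|k=v' into (source, {k: v}).  Only the first '=' of each
    field separates key from value, so 'Hashes=MD5=..,SHA256=..' survives intact."""
    src, _, rest = line.partition("|")
    fields = {}
    for kv in rest.split("|"):
        k, _, v = kv.partition("=")
        fields[k] = v
    return src, fields


def hashes_in(field):
    """'MD5=AB..,SHA256=CD..' -> {'MD5': 'ab..', 'SHA256': 'cd..'} (lower-cased)."""
    out = {}
    for part in field.split(","):
        algo, _, hexval = part.partition("=")
        if hexval:
            out[algo.strip().upper()] = hexval.strip().lower()
    return out


def scan(lines):
    """Walk telemetry in order and return one hit dict per matching line."""
    hits = []
    resolved = set()  # IPs the C2 hostname resolved to in an earlier DNS event
    for line in lines:
        src, f = parse(line)

        # DNS: match on the hostname, never on a hard-coded IP.  duckdns.org is a
        # dynamic-DNS service, so the address can change between sandbox runs and
        # victims; remember what it resolved to so later connections can be tied back.
        if f.get("QueryName", "").lower().rstrip(".") == C2_HOST:
            hits.append({"indicator": "c2_domain", "source": src,
                         "detail": f"{f.get('Image')} resolved {C2_HOST}"})
            for ip in f.get("QueryResults", "").split(";"):
                ip = ip.strip()
                if ip.startswith("::ffff:"):  # Sysmon writes IPv4 as IPv4-mapped IPv6
                    ip = ip[len("::ffff:"):]
                if ip:
                    resolved.add(ip)

        # Network: port 4230 on its own is too weak to alert on, so require that the
        # destination is an address the C2 hostname resolved to in this log stream.
        dst = f.get("DestinationIp")
        if dst in resolved and f.get("DestinationPort") == str(C2_PORT):
            hits.append({"indicator": "c2_connection", "source": src,
                         "detail": f"{f.get('Image')} -> {dst}:{C2_PORT}"})

        # File: compare every hash algorithm the event carries against the report.
        if "Hashes" in f:
            seen = hashes_in(f["Hashes"])
            matched = sorted(a for a, h in seen.items() if KNOWN_HASHES.get(a) == h)
            if matched:
                hits.append({"indicator": "sample_hash", "source": src,
                             "detail": f"{f.get('Image')} matches {','.join(matched)}"})

        # Memory: the RV_MUTEX-... mutant is created by the running payload, so a
        # handle table that contains it identifies the (possibly hollowed) host process.
        if f.get("Type") == "Mutant" and f.get("Name") == MUTEX:
            hits.append({"indicator": "mutex", "source": src,
                         "detail": f"PID {f.get('PID')} holds {MUTEX}"})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"[{hit['indicator']:14}] {hit['source']}: {hit['detail']}")
```

Run as a script it prints four hits for the constructed lines: the DNS lookup, the follow-on connection to the resolved address on port 4230, the process-create event whose MD5 and SHA256 match the report, and the Volatility handle row carrying the mutex. A connection to port 4230 without a preceding resolution of the C2 name is deliberately not reported; the hash comparison is case-insensitive because Sysmon emits hex in upper case while the report lists it in lower case.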

MITRE ATT&CK Enterprise v15

Tasks