General

  • Target: f752e99a0103a5885e0368c133b9cf9c88746ef2119d83657bec47e294c06b07
  • Size: 951KB
  • Sample: 240621-f8tpgatarj
  • MD5: c844db616bbf2e2f1ec1888da7850d06
  • SHA1: 6466b3fa809468190fcdb8beb333baf150781f09
  • SHA256: f752e99a0103a5885e0368c133b9cf9c88746ef2119d83657bec47e294c06b07
  • SHA512: bea1899cfe8287656287b7e11381b352e1fbff1fa759da5aab50c3fa06b25ec14dcfe26f3f3418425201b0dfc074d208fe4931d76eab1d912b69f0a6827b0a9f
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5HV:Rh+ZkldDPK8YaKjHV

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: f752e99a0103a5885e0368c133b9cf9c88746ef2119d83657bec47e294c06b07

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks