General
Target: d0ccf54b6318b11b3cbfc10db6a640a53b891394e4274b1d3237a965ca13be1c
Size: 951KB
Sample: 240625-c6qcgszdkk
MD5: 8d070d5b00f7a003f64c52d3fb5e4c84
SHA1: ce2e6f6da0854074a27d0170d35e0784da69139f
SHA256: d0ccf54b6318b11b3cbfc10db6a640a53b891394e4274b1d3237a965ca13be1c
SHA512: b3959c2c7e7e654c6f58cb7cba132400faa2cfbb5d6668469bb4021eb58a9fba91908468f3eab468ff8eec1fb07031f8917ac82c128eb17f358a72bd6d25f327
SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5e:Rh+ZkldDPK8YaKje
Static task: static1
Behavioral task: behavioral1
Sample: d0ccf54b6318b11b3cbfc10db6a640a53b891394e4274b1d3237a965ca13be1c.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: d0ccf54b6318b11b3cbfc10db6a640a53b891394e4274b1d3237a965ca13be1c.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
revengerat
Marzo26
marzorevenger.duckdns.org:4230
RV_MUTEX-PiGGjjtnxDpn
Targets
Target: d0ccf54b6318b11b3cbfc10db6a640a53b891394e4274b1d3237a965ca13be1c
Score: 10/10
Drops startup file
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext