Overview

overview

10

Static

static

5

e5d05d5bcd...c8.exe

windows7-x64

10

e5d05d5bcd...c8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5d05d5bcd0dca55887b970a36448056b1e321a2efaecd70b57dd1fd74447fc8

  • Size

    951KB

  • Sample

    240627-bj2lkavaph

  • MD5

    c5bee290da758bd2d32dadfd7d5b93ed

  • SHA1

    12f8bec54aba4efd37213970953fd3b47adcf2cc

  • SHA256

    e5d05d5bcd0dca55887b970a36448056b1e321a2efaecd70b57dd1fd74447fc8

  • SHA512

    bf91e8ecf70618ad3f8fbf17d12e71f0c970081963690a392dbbeb044e04b95c5217cba07bd7488a9ddb057597ac71a628ea87bca62120774db5ba834800b334

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5x:Rh+ZkldDPK8YaKjx

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      e5d05d5bcd0dca55887b970a36448056b1e321a2efaecd70b57dd1fd74447fc8

    • Size

      951KB

    • MD5

      c5bee290da758bd2d32dadfd7d5b93ed

    • SHA1

      12f8bec54aba4efd37213970953fd3b47adcf2cc

    • SHA256

      e5d05d5bcd0dca55887b970a36448056b1e321a2efaecd70b57dd1fd74447fc8

    • SHA512

      bf91e8ecf70618ad3f8fbf17d12e71f0c970081963690a392dbbeb044e04b95c5217cba07bd7488a9ddb057597ac71a628ea87bca62120774db5ba834800b334

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5x:Rh+ZkldDPK8YaKjx

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks