General
-
Target
1ef2826769851b940f201ae24d3be6caba323493d614b8fb3e5f1e947d63fc32
-
Size
951KB
-
Sample
240628-x3hhpazckh
-
MD5
3b8126e5652c1b7e1d1be7ccebba8d8e
-
SHA1
4527c3799bb60ae21589294842bba1bcb43d63e3
-
SHA256
1ef2826769851b940f201ae24d3be6caba323493d614b8fb3e5f1e947d63fc32
-
SHA512
38c45f4bbdef8d2552098fd94b30efa196946579385fb90b52f451fb1ab527ba40c800e999fa4c1d64aedbc49a4846fe672011377d79b02543d7b024330dd5a3
-
SSDEEP
24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5A:Rh+ZkldDPK8YaKjA
Malware Config
Extracted
revengerat
Marzo26
marzorevenger.duckdns.org:4230
RV_MUTEX-PiGGjjtnxDpn
Targets
-
-
Target
1ef2826769851b940f201ae24d3be6caba323493d614b8fb3e5f1e947d63fc32
-
Size
951KB
-
MD5
3b8126e5652c1b7e1d1be7ccebba8d8e
-
SHA1
4527c3799bb60ae21589294842bba1bcb43d63e3
-
SHA256
1ef2826769851b940f201ae24d3be6caba323493d614b8fb3e5f1e947d63fc32
-
SHA512
38c45f4bbdef8d2552098fd94b30efa196946579385fb90b52f451fb1ab527ba40c800e999fa4c1d64aedbc49a4846fe672011377d79b02543d7b024330dd5a3
-
SSDEEP
24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5A:Rh+ZkldDPK8YaKjA
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Drops startup file
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-