Overview

overview

10

Static

static

5

5a6ebbd958...2a.exe

windows7-x64

10

5a6ebbd958...2a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5a6ebbd95857c7e06b600d4b82c2145e728586d2a2112c8bf463e3ddd46a2d2a

  • Size

    903KB

  • Sample

    240629-1hsppszglm

  • MD5

    b19724bfadaeedf15197de0c8bc16180

  • SHA1

    02d4956c9927e064d139a844a4baa36a21d0138b

  • SHA256

    5a6ebbd95857c7e06b600d4b82c2145e728586d2a2112c8bf463e3ddd46a2d2a

  • SHA512

    6aa9ff41d6272e3aa80dc1961c616058cdeb9829cfe9e67804e2d4d099402e92f5f49227e3bc92dce51457119ce0ec4c6144c2048c6ada09da9c56bc6189a07b

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5R:gh+ZkldoPK8YaKGR

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      5a6ebbd95857c7e06b600d4b82c2145e728586d2a2112c8bf463e3ddd46a2d2a

    • Size

      903KB

    • MD5

      b19724bfadaeedf15197de0c8bc16180

    • SHA1

      02d4956c9927e064d139a844a4baa36a21d0138b

    • SHA256

      5a6ebbd95857c7e06b600d4b82c2145e728586d2a2112c8bf463e3ddd46a2d2a

    • SHA512

      6aa9ff41d6272e3aa80dc1961c616058cdeb9829cfe9e67804e2d4d099402e92f5f49227e3bc92dce51457119ce0ec4c6144c2048c6ada09da9c56bc6189a07b

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5R:gh+ZkldoPK8YaKGR

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks