General

  • Target

    38c88cce19a2130b57845fca095b8ef0_NeikiAnalytics

  • Size

    951KB

  • Sample

    240512-weelfsbh54

  • MD5

    38c88cce19a2130b57845fca095b8ef0

  • SHA1

    42a62df01866a0b94274b1ddd5516e1c6b973883

  • SHA256

    7fe1183187c26d19c2812b9a06edb7feb7362b2e3bd2f34f1920f8aab2f6e819

  • SHA512

    ad20d05d7d4c80e48437ac24e63ed522e5ae0f6646e5071f278c89d1d5c71e2b521c1e11e1a12096ec536538f289392c10d2f1f3c5f4e5ccaaa11423cf31300d

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT54:Rh+ZkldDPK8YaKj4

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      38c88cce19a2130b57845fca095b8ef0_NeikiAnalytics

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
