General
Target: c1cb001c81b8727304885a02ab5ec6d0_NeikiAnalytics
Size: 951KB
Sample: 240514-lwxs9abd34
MD5: c1cb001c81b8727304885a02ab5ec6d0
SHA1: 2db9cf706c3fa78ef98b61bac83e92db14f67814
SHA256: 7407d1e4c2d80c1007560c22a7ac8849846dd05d8cf85137d9a1d27515d4d3a5
SHA512: c796326e49fc01c15453d435cc3ac159ac368fc3bf8f5024d71ea235e88f3f3e073f368ed953c298cfd557bbc46c974abfdee7f78ace1f4c86b7800ba5732949
SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT55:Rh+ZkldDPK8YaKj5
Static task: static1
Behavioral task: behavioral1
Sample: c1cb001c81b8727304885a02ab5ec6d0_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: c1cb001c81b8727304885a02ab5ec6d0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
revengerat
Marzo26
marzorevenger.duckdns.org:4230
RV_MUTEX-PiGGjjtnxDpn
Targets
Score: 10/10
Drops startup file
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext