Overview

overview

10

Static

static

5

c40c803e0f...cs.exe

windows7-x64

10

c40c803e0f...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c40c803e0f590bd71114090e51d1c930_NeikiAnalytics

  • Size

    903KB

  • Sample

    240514-m895sadd76

  • MD5

    c40c803e0f590bd71114090e51d1c930

  • SHA1

    b1a141718f82be0e03a22d89a72e04b4caba3b98

  • SHA256

    da7c2ea478dcb61a43a1b77197f9cb27907d18f6649a8866706c76aa0b9b7463

  • SHA512

    d08d30873a07153251e252aee8cad503334fe1518977cbc979bb5e8fa2e691552b906e6ad024f70ffde8166a133113e35ae8ae8e3361894ad5810a8afb0ae9fa

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5j:gh+ZkldoPK8YaKGj

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      c40c803e0f590bd71114090e51d1c930_NeikiAnalytics

    • Size

      903KB

    • MD5

      c40c803e0f590bd71114090e51d1c930

    • SHA1

      b1a141718f82be0e03a22d89a72e04b4caba3b98

    • SHA256

      da7c2ea478dcb61a43a1b77197f9cb27907d18f6649a8866706c76aa0b9b7463

    • SHA512

      d08d30873a07153251e252aee8cad503334fe1518977cbc979bb5e8fa2e691552b906e6ad024f70ffde8166a133113e35ae8ae8e3361894ad5810a8afb0ae9fa

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5j:gh+ZkldoPK8YaKGj

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks