Overview

overview

10

Static

static

5

e6effaafe6...cs.exe

windows7-x64

10

e6effaafe6...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e6effaafe6df0d3e083ba2a59f80c820_NeikiAnalytics.exe

  • Size

    903KB

  • Sample

    240517-k7hm2abd93

  • MD5

    e6effaafe6df0d3e083ba2a59f80c820

  • SHA1

    a3e2659279586b9436c50d7d52d2d97c7fe6c9b1

  • SHA256

    01fba8f886ce7342de5897a146ebf2a024ce9363ff7e7528c1ad9ca2626cafb1

  • SHA512

    01ad6a3302bfba522df62a8ce26d989d834ed56e5991a5cdb88b2c5edb29e2134f7bd08803936086323f1fc88343cc8e7bfc2c734b92c1d0c45dc93571feb528

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5w:gh+ZkldoPK8YaKGw

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      e6effaafe6df0d3e083ba2a59f80c820_NeikiAnalytics.exe

    • Size

      903KB

    • MD5

      e6effaafe6df0d3e083ba2a59f80c820

    • SHA1

      a3e2659279586b9436c50d7d52d2d97c7fe6c9b1

    • SHA256

      01fba8f886ce7342de5897a146ebf2a024ce9363ff7e7528c1ad9ca2626cafb1

    • SHA512

      01ad6a3302bfba522df62a8ce26d989d834ed56e5991a5cdb88b2c5edb29e2134f7bd08803936086323f1fc88343cc8e7bfc2c734b92c1d0c45dc93571feb528

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5w:gh+ZkldoPK8YaKGw

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks