General

  • Target: 4fc1f1412bc32ac6604a47c74c349d20_NeikiAnalytics.exe
  • Size: 951KB
  • Sample: 240519-cjxhaada21
  • MD5: 4fc1f1412bc32ac6604a47c74c349d20
  • SHA1: 1340440541f7cf82631c354535ca3f459c36d99a
  • SHA256: e325fe16c3b3c3332febe7e19c77f18b39e5a559439941e7d5286867c5d3a41a
  • SHA512: b26b724d07ad2b187bb01bfa5815244495076ea3a4cc58c31a1a4ce033cf164a26da7b932d3b8b291d167270ec3074427c6349893426fcd34deccee03fa961a1
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5o:Rh+ZkldDPK8YaKjo

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target: 4fc1f1412bc32ac6604a47c74c349d20_NeikiAnalytics.exe

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks