General

  • Target

    6e7e4d1d717f5d98921a51a0bc977cf0_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240519-eq3nzshg2s

  • MD5

    6e7e4d1d717f5d98921a51a0bc977cf0

  • SHA1

    ed55139a8b497d7c3cd39e9d2e69f762bea43fad

  • SHA256

    3866c549f8a72dd94ace138bc8802c34a553125e82e8e090de055b3578c42030

  • SHA512

    56424483eda77928a58be602b7fb4425f373c5c1159fee438763306f759f086e6227f1eab7684a6d43b25f5399a6805b5e2e379d12ef3472ac5dd35883ef2c72

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5F:Rh+ZkldDPK8YaKjF

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      6e7e4d1d717f5d98921a51a0bc977cf0_NeikiAnalytics.exe

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks