General

  • Target: 6e29d5c879efaeecaa6909ae797fff10_NeikiAnalytics.exe
  • Size: 951KB
  • Sample: 240520-atfleaba25
  • MD5: 6e29d5c879efaeecaa6909ae797fff10
  • SHA1: 8dde3baa2ead8e1d068fb03440e8c609f85fb510
  • SHA256: a056ea58e1ad33ca269668fcd643448aad89eaf201f63d107d7f482a00f97696
  • SHA512: 989bf64516ea04e0e92ebfae7cd08b1d3c71949d1be2e0052ac3c63ee095af30903fae54c5103559da118ce058f21ff21853a11e2a593bbbe6cc5a6947f3dcd8
  • SSDEEP: 24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5O:Rh+ZkldDPK8YaKjO

Malware Config

Extracted

  • Family: revengerat
  • Botnet: Marzo26
  • C2: marzorevenger.duckdns.org:4230
  • Mutex: RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Drops startup file
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext
