Overview

overview

10

Static

static

5

a0c0fc87be...cs.exe

windows7-x64

10

a0c0fc87be...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a0c0fc87be79764838a6ef87b21e73b0_NeikiAnalytics.exe

  • Size

    903KB

  • Sample

    240523-hx4reaha77

  • MD5

    a0c0fc87be79764838a6ef87b21e73b0

  • SHA1

    dbf271f13fe2d82d0d7a81c871234e9dc05ccb35

  • SHA256

    98d7fecc90b43b09c2d4fbb4605cafd49f8e8340c93a87080166082624427284

  • SHA512

    3cd9165ed38b8a4ad710fae4fbf2dfe3e494dbf08b6fb2fee4a6acab07c6b69f789a97fc47d74fff8f4a7bbf02a1ed2d36289a99d8fd8fafdb92019b26fb1ba8

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      a0c0fc87be79764838a6ef87b21e73b0_NeikiAnalytics.exe

    • Size

      903KB

    • MD5

      a0c0fc87be79764838a6ef87b21e73b0

    • SHA1

      dbf271f13fe2d82d0d7a81c871234e9dc05ccb35

    • SHA256

      98d7fecc90b43b09c2d4fbb4605cafd49f8e8340c93a87080166082624427284

    • SHA512

      3cd9165ed38b8a4ad710fae4fbf2dfe3e494dbf08b6fb2fee4a6acab07c6b69f789a97fc47d74fff8f4a7bbf02a1ed2d36289a99d8fd8fafdb92019b26fb1ba8

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5e:gh+ZkldoPK8YaKGe

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks