Overview

overview

10

Static

static

5

7348c2abc4...cs.exe

windows7-x64

10

7348c2abc4...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7348c2abc4cc4044fc93214fb87a9cd0_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240525-b64z7sac6z

  • MD5

    7348c2abc4cc4044fc93214fb87a9cd0

  • SHA1

    8d3664181ad3889d69b1e515322d563116bc745d

  • SHA256

    0297429c8ebec865fb090e5aa0aa643dbc37f2de108157d010e36020297db78c

  • SHA512

    25296defd07186e64e8044433d40c971f6e535372ccc2dda916bc8afe182d06be222853519fe584bf9c2a71721181dab031699a9127c1b9a2ea9791c8510bd87

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5C:Rh+ZkldDPK8YaKjC

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      7348c2abc4cc4044fc93214fb87a9cd0_NeikiAnalytics.exe

    • Size

      951KB

    • MD5

      7348c2abc4cc4044fc93214fb87a9cd0

    • SHA1

      8d3664181ad3889d69b1e515322d563116bc745d

    • SHA256

      0297429c8ebec865fb090e5aa0aa643dbc37f2de108157d010e36020297db78c

    • SHA512

      25296defd07186e64e8044433d40c971f6e535372ccc2dda916bc8afe182d06be222853519fe584bf9c2a71721181dab031699a9127c1b9a2ea9791c8510bd87

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5C:Rh+ZkldDPK8YaKjC

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks