General

  • Target

    8e403bc5a2d05729af8627053514b290_NeikiAnalytics.exe

  • Size

    903KB

  • Sample

    240601-fjrhtaae7v

  • MD5

    8e403bc5a2d05729af8627053514b290

  • SHA1

    3a7e359b17937771f6d5e5b1b6970c9974708efa

  • SHA256

    8b43bc729b449eee1f2ca87c14d74280735501c3965ef71dd7454145dc875a65

  • SHA512

    e086c563e40bb6cf0a84b91a5e5556b4079a801c8b415239b3c112a80f5f0dd66016d84438058466c1bd253106bbc6668420bd6363bfd755e3976070a0a432e8

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5W:gh+ZkldoPK8YaKGW

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • Suspicious use of SetThreadContext
