General

  • Target

    6823de7208633c27fbfdb5f0370a9350_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240602-zz9twagc39

  • MD5

    6823de7208633c27fbfdb5f0370a9350

  • SHA1

    32becbbfed5f1ab6807d7143c7c6c4bd901915fe

  • SHA256

    ba288b3054435c49d92fce233b23c6ba12fbe01bfb71924c9d30c25f6c027223

  • SHA512

    1b9fc4007a640465970dc286eacfe5e575c8be162a52114c43950006b806fb51dc9b058fc358d9c248eab1cce985a1892d0164d800d4ec4a15f5007421a42982

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5g:Rh+ZkldDPK8YaKjg

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn
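The configuration above gives three network and host indicators worth sweeping for: a dynamic-DNS C2 host, a non-standard TCP port, and a mutex whose RV_MUTEX- prefix is this family's convention with a per-build random suffix. The following is an added example (not part of the sandbox report) that runs those indicators over constructed DNS and flow log lines; the log field layout is assumed, and the resolved IP correlation is there because a duckdns.org name can point anywhere and move, so a port-only match is deliberately reported at low confidence.

```python
"""Sweep DNS and flow logs for the RevengeRAT config extracted above.

Added example, not part of the sandbox report. C2 host, port and mutex
format come from the report; the log lines and their field layout are
constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Indicators from the report's "Malware Config" section.
C2_HOST = "marzorevenger.duckdns.org"
C2_PORT = 4230

# RevengeRAT mutexes are "RV_MUTEX-" plus a per-build random suffix, so a
# host check should match the shape rather than this sample's literal value.
MUTEX_RE = re.compile(r"^RV_MUTEX-[A-Za-z0-9]{8,}$")

# Constructed DNS log: timestamp client qtype qname answer
DNS_LOG = [
    "2024-06-02T10:00:01Z 10.0.0.5 A marzorevenger.duckdns.org 203.0.113.10",
    "2024-06-02T10:00:03Z 10.0.0.7 A www.example.com 93.184.216.34",
    "2024-06-02T10:05:44Z 10.0.0.5 A MARZOREVENGER.duckdns.org. 203.0.113.10",
]

# Constructed flow log: timestamp src dst dst_port proto
FLOW_LOG = [
    "2024-06-02T10:00:02Z 10.0.0.5 203.0.113.10 4230 tcp",
    "2024-06-02T10:00:04Z 10.0.0.7 93.184.216.34 443 tcp",
    "2024-06-02T10:06:00Z 10.0.0.9 198.51.100.4 4230 tcp",
]


@dataclass(frozen=True)
class FlowHit:
    line_no: int
    src: str
    dst: str
    confidence: str  # "high": resolved C2 IP and port; "low": port only


def _norm(name: str) -> str:
    """Lower-case and strip the trailing dot so FQDN spellings compare equal."""
    return name.rstrip(".").lower()


def dns_hits(lines: Iterable[str]) -> list[tuple[int, str, str]]:
    """Return (line_no, client, answer) for queries of the C2 host or its subdomains."""
    hits = []
    for no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or answer-less line: skip rather than crash
        qname = _norm(fields[3])
        if qname == C2_HOST or qname.endswith("." + C2_HOST):
            hits.append((no, fields[1], fields[4]))
    return hits


def resolved_c2_ips(lines: Iterable[str]) -> set[str]:
    """IPs the C2 host resolved to in this log window (dynamic DNS targets move)."""
    return {answer for _, _, answer in dns_hits(lines)}


def flow_hits(lines: Iterable[str], c2_ips: set[str]) -> list[FlowHit]:
    """Flag connections to the C2 port and corroborate them with resolved IPs.

    Port 4230 alone is a weak indicator because any service may use it, so a
    port-only match is reported as "low" and left for the analyst.
    """
    hits = []
    for no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        _, src, dst, port, _proto = fields[:5]
        if not port.isdigit() or int(port) != C2_PORT:
            continue
        confidence = "high" if dst in c2_ips else "low"
        hits.append(FlowHit(no, src, dst, confidence))
    return hits


def is_revengerat_mutex(name: str) -> bool:
    """True for mutex names following the RevengeRAT RV_MUTEX-<suffix> convention."""
    return bool(MUTEX_RE.match(name))


def sweep(dns_lines, flow_lines) -> dict:
    """Run both sweeps and return a summary suitable for a ticket or SIEM note."""
    c2_ips = resolved_c2_ips(dns_lines)
    flows = flow_hits(flow_lines, c2_ips)
    return {
        "c2_host": C2_HOST,
        "c2_ips": sorted(c2_ips),
        "dns_hits": dns_hits(dns_lines),
        "high_confidence_flows": [h for h in flows if h.confidence == "high"],
        "port_only_flows": [h for h in flows if h.confidence == "low"],
    }


if __name__ == "__main__":
    for key, value in sweep(DNS_LOG, FLOW_LOG).items():
        print(f"{key}: {value}")
```

The mutex check is meant for an endpoint sweep (enumerating named objects on hosts that talked to the C2), and is kept as a prefix-and-shape match because the suffix changes between builds of the same family.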

Targets

    • Target

      6823de7208633c27fbfdb5f0370a9350_NeikiAnalytics.exe

    • RevengeRAT

      .NET remote-access trojan (remote shell, file and process management, keylogging, among other capabilities). The RV_MUTEX-<suffix> mutex and host:port C2 extracted above are this family's configuration format.

    • Drops startup file

      Writes a file into a Startup folder so the payload is launched again at the next logon (persistence).

    • AutoIT Executable

      AutoIt script compiled into a PE executable. Here the AutoIt binary wraps the RevengeRAT payload whose configuration was extracted above.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on the main thread of a newly created, suspended process is the step in process hollowing (RunPE) that redirects execution into an injected payload; together with the AutoIt wrapper this is consistent with the loader injecting the .NET RAT into another process rather than running it directly.
