Overview

overview

10

Static

static

5

6e52cfe203...cs.exe

windows7-x64

10

6e52cfe203...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e52cfe2030e86cfeeb9fd4c9f987325daf7f47e47088c8f70a8bc1fc4338169_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240623-pqy1xatgnp

  • MD5

    419badf92a1d18591489edeee3375e70

  • SHA1

    cfd0c2682534435adabe0591bb9ea4ce0dc80833

  • SHA256

    6e52cfe2030e86cfeeb9fd4c9f987325daf7f47e47088c8f70a8bc1fc4338169

  • SHA512

    50f83b509fd0ca7ea6a2b3763afa40d6ebb2129d9567a712340763175f25e35f52219c049718842f880fbe023d1c99b662eefac5cdc5a952e8c368195644a278

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Y:Rh+ZkldDPK8YaKjY

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      6e52cfe2030e86cfeeb9fd4c9f987325daf7f47e47088c8f70a8bc1fc4338169_NeikiAnalytics.exe

    • Size

      951KB

    • MD5

      419badf92a1d18591489edeee3375e70

    • SHA1

      cfd0c2682534435adabe0591bb9ea4ce0dc80833

    • SHA256

      6e52cfe2030e86cfeeb9fd4c9f987325daf7f47e47088c8f70a8bc1fc4338169

    • SHA512

      50f83b509fd0ca7ea6a2b3763afa40d6ebb2129d9567a712340763175f25e35f52219c049718842f880fbe023d1c99b662eefac5cdc5a952e8c368195644a278

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5Y:Rh+ZkldDPK8YaKjY

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks