Overview

overview

10

Static

static

5

2c42249e96...cs.exe

windows7-x64

10

2c42249e96...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c42249e96703726c61517966866ffdcebc00219ebde0e6f58edb8a0ac41689d_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240626-axh6pswdmq

  • MD5

    ce2f94edb12977d80bcd1dfd4e206820

  • SHA1

    9764a8b32ca5f2074ece2d8616281421a5e28fb0

  • SHA256

    2c42249e96703726c61517966866ffdcebc00219ebde0e6f58edb8a0ac41689d

  • SHA512

    c7960737f07d2b49e5612eb49327d29c3f60c3cb41be5d39abe5e86c2af319fc899cf7daa8bfdf98cc220ca7f1cc2354137fa03ee1e14933a9d9dc135ec23721

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5R:Rh+ZkldDPK8YaKjR

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      2c42249e96703726c61517966866ffdcebc00219ebde0e6f58edb8a0ac41689d_NeikiAnalytics.exe

    • Size

      951KB

    • MD5

      ce2f94edb12977d80bcd1dfd4e206820

    • SHA1

      9764a8b32ca5f2074ece2d8616281421a5e28fb0

    • SHA256

      2c42249e96703726c61517966866ffdcebc00219ebde0e6f58edb8a0ac41689d

    • SHA512

      c7960737f07d2b49e5612eb49327d29c3f60c3cb41be5d39abe5e86c2af319fc899cf7daa8bfdf98cc220ca7f1cc2354137fa03ee1e14933a9d9dc135ec23721

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5R:Rh+ZkldDPK8YaKjR

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks