Overview

overview

10

Static

static

5

6fa6ecf45c...cs.exe

windows7-x64

10

6fa6ecf45c...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6fa6ecf45c705904d81399d154b1d500_NeikiAnalytics.exe

  • Size

    903KB

  • Sample

    240619-a73yvsvdjl

  • MD5

    6fa6ecf45c705904d81399d154b1d500

  • SHA1

    ccb3caec76f92eef95d2fa34ddb15889eef2c70b

  • SHA256

    1ee6999ffb0faa675e1988ad2928b481c6af979084b0974a5d2c86e302cdc445

  • SHA512

    855cb9ce5b435075b9daedb87e8dfeb0d2227596aeb8928a7d3dcb836d24e2031cdb13239aecdd8c1c24d7343b99c30be563195cc831dfba1d5097a176ef8245

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5v:gh+ZkldoPK8YaKGv

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      6fa6ecf45c705904d81399d154b1d500_NeikiAnalytics.exe

    • Size

      903KB

    • MD5

      6fa6ecf45c705904d81399d154b1d500

    • SHA1

      ccb3caec76f92eef95d2fa34ddb15889eef2c70b

    • SHA256

      1ee6999ffb0faa675e1988ad2928b481c6af979084b0974a5d2c86e302cdc445

    • SHA512

      855cb9ce5b435075b9daedb87e8dfeb0d2227596aeb8928a7d3dcb836d24e2031cdb13239aecdd8c1c24d7343b99c30be563195cc831dfba1d5097a176ef8245

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5v:gh+ZkldoPK8YaKGv

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks