Overview

overview

10

Static

static

5

2bf2385342...cs.exe

windows7-x64

10

2bf2385342...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2bf2385342d349b54f348fb31b276796ee4de7957d45f474c19b9f7e63fd1d8f_NeikiAnalytics.exe

  • Size

    903KB

  • Sample

    240620-dd7azavdnf

  • MD5

    e0f100aa6504757205b4a1614f51d170

  • SHA1

    72b87f0e6e8dd4021ce0ef8b88578725a75baf57

  • SHA256

    2bf2385342d349b54f348fb31b276796ee4de7957d45f474c19b9f7e63fd1d8f

  • SHA512

    0c9f9169bc4454327a5045e815d76c8ec5246f2463bc096b231360b9656a7624fd0e0e3a03df2101072ae602b5fe63ec51f940ba2eb5bc259f381f215fff453c

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5B:gh+ZkldoPK8YaKGB

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      2bf2385342d349b54f348fb31b276796ee4de7957d45f474c19b9f7e63fd1d8f_NeikiAnalytics.exe

    • Size

      903KB

    • MD5

      e0f100aa6504757205b4a1614f51d170

    • SHA1

      72b87f0e6e8dd4021ce0ef8b88578725a75baf57

    • SHA256

      2bf2385342d349b54f348fb31b276796ee4de7957d45f474c19b9f7e63fd1d8f

    • SHA512

      0c9f9169bc4454327a5045e815d76c8ec5246f2463bc096b231360b9656a7624fd0e0e3a03df2101072ae602b5fe63ec51f940ba2eb5bc259f381f215fff453c

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5B:gh+ZkldoPK8YaKGB

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks