General

  • Target

    060c7d9534ee663091b7bef61778d0e6c8edb22fabea8c8576a011de54fe22c9_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240621-vlepcsyarg

  • MD5

    6ccced0c3a76bf3b5e896c361ba5e120

  • SHA1

    461eee40c2740902b7b296e14869346c1898fca6

  • SHA256

    060c7d9534ee663091b7bef61778d0e6c8edb22fabea8c8576a011de54fe22c9

  • SHA512

    4d72c99b90f0eda717c54ad84360be3a1cbccb77de9d0b5a040dce416b4792fc89712c8d907f0d52e7e02876c91099f6aaa97d017d8602eadff121241283bb4b

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5p:Rh+ZkldDPK8YaKjp

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
