General

  • Target

    3942105b21eba2638a250baf6fefc5d3b012257e03bd9303cde10ad80645a38f_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240625-gwyckatgpg

  • MD5

    f5c61b39ccc41ac9ad08459e52d42b70

  • SHA1

    9e249e1d3658095421701e29bb8b610b0d250b2e

  • SHA256

    3942105b21eba2638a250baf6fefc5d3b012257e03bd9303cde10ad80645a38f

  • SHA512

    1427379f197df4932312eeeb68f2e62a254325afdf28663fbfa07ea6a51d6fde171f55bddc34866292a3c215997bc3c9e6fba21bb54153abe3a0657262606aa1

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5J:Rh+ZkldDPK8YaKjJ

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      3942105b21eba2638a250baf6fefc5d3b012257e03bd9303cde10ad80645a38f_NeikiAnalytics.exe

    • Size

      951KB

    • MD5

      f5c61b39ccc41ac9ad08459e52d42b70

    • SHA1

      9e249e1d3658095421701e29bb8b610b0d250b2e

    • SHA256

      3942105b21eba2638a250baf6fefc5d3b012257e03bd9303cde10ad80645a38f

    • SHA512

      1427379f197df4932312eeeb68f2e62a254325afdf28663fbfa07ea6a51d6fde171f55bddc34866292a3c215997bc3c9e6fba21bb54153abe3a0657262606aa1

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5J:Rh+ZkldDPK8YaKjJ

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks