Overview

overview

10

Static

static

5

662e5d565e...cs.exe

windows7-x64

10

662e5d565e...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    662e5d565e083a063abb202c4ba915561727769e48c5d8bd3c94b9ad432e09a1_NeikiAnalytics.exe

  • Size

    903KB

  • Sample

    240625-qs4vlssfld

  • MD5

    2303d8c60bb52943ba93d8007a44c070

  • SHA1

    989869c819fac8575671c903a8ed5e6c6fc2fdfc

  • SHA256

    662e5d565e083a063abb202c4ba915561727769e48c5d8bd3c94b9ad432e09a1

  • SHA512

    c5b698f23a1220830e23ed05b23e0c1ea1d53fa2c21a4a0f3711298cb6c129675fae04aa7d3d814fe351ef3fd2c3b1f039e24a547bd3fc089fbdfb50e0c6b69c

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5E:gh+ZkldoPK8YaKGE

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      662e5d565e083a063abb202c4ba915561727769e48c5d8bd3c94b9ad432e09a1_NeikiAnalytics.exe

    • Size

      903KB

    • MD5

      2303d8c60bb52943ba93d8007a44c070

    • SHA1

      989869c819fac8575671c903a8ed5e6c6fc2fdfc

    • SHA256

      662e5d565e083a063abb202c4ba915561727769e48c5d8bd3c94b9ad432e09a1

    • SHA512

      c5b698f23a1220830e23ed05b23e0c1ea1d53fa2c21a4a0f3711298cb6c129675fae04aa7d3d814fe351ef3fd2c3b1f039e24a547bd3fc089fbdfb50e0c6b69c

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5E:gh+ZkldoPK8YaKGE

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks