Overview

overview

10

Static

static

5

92fec61b83...cs.exe

windows7-x64

10

92fec61b83...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92fec61b8346e687835a269ddad8ce836eec8f41a56d8b166bd69f640a59c370_NeikiAnalytics.exe

  • Size

    904KB

  • Sample

    240628-mecmesxanm

  • MD5

    308b9e73cf0b29158d936c87d8dda4f0

  • SHA1

    f1d5d9c38ff45d81d20e049b26554d1cfe9ce04a

  • SHA256

    92fec61b8346e687835a269ddad8ce836eec8f41a56d8b166bd69f640a59c370

  • SHA512

    bb3f6581ebc6c24a79fbbfbf58e98b24c91a97cbd79321f68f921db1ac0bb2a250ed111a0cc1cd46faaea1019213707c09d22a89b3688a6fe660ea4af6c20853

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5L:gh+ZkldoPK8YaKGL

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      92fec61b8346e687835a269ddad8ce836eec8f41a56d8b166bd69f640a59c370_NeikiAnalytics.exe

    • Size

      904KB

    • MD5

      308b9e73cf0b29158d936c87d8dda4f0

    • SHA1

      f1d5d9c38ff45d81d20e049b26554d1cfe9ce04a

    • SHA256

      92fec61b8346e687835a269ddad8ce836eec8f41a56d8b166bd69f640a59c370

    • SHA512

      bb3f6581ebc6c24a79fbbfbf58e98b24c91a97cbd79321f68f921db1ac0bb2a250ed111a0cc1cd46faaea1019213707c09d22a89b3688a6fe660ea4af6c20853

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5L:gh+ZkldoPK8YaKGL

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks