General

  • Target

    0e189e681318084774fb369908e3d1cf564a3476c172cde41883463fdfe54ff9_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240629-3n5ybsshnr

  • MD5

    79eb5dd999b28b9ba68c2cf429bfbf50

  • SHA1

    3d624c1a48199cfd91e8722e0277dcaa8581e5e0

  • SHA256

    0e189e681318084774fb369908e3d1cf564a3476c172cde41883463fdfe54ff9

  • SHA512

    1bf9d612d1a6476cfabc1157235ffcbac83f574411b571109946ef540823f38b4f4ebcf73d034538d130616bbf34b490e542c18da6e204004ad13a52a989ff88

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5t:Rh+ZkldDPK8YaKjt

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Marzo26

  • C2

    marzorevenger.duckdns.org:4230

  • Mutex

    RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      0e189e681318084774fb369908e3d1cf564a3476c172cde41883463fdfe54ff9_NeikiAnalytics.exe

    • Size

      951KB

    • MD5

      79eb5dd999b28b9ba68c2cf429bfbf50

    • SHA1

      3d624c1a48199cfd91e8722e0277dcaa8581e5e0

    • SHA256

      0e189e681318084774fb369908e3d1cf564a3476c172cde41883463fdfe54ff9

    • SHA512

      1bf9d612d1a6476cfabc1157235ffcbac83f574411b571109946ef540823f38b4f4ebcf73d034538d130616bbf34b490e542c18da6e204004ad13a52a989ff88

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5t:Rh+ZkldDPK8YaKjt

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks