Overview

overview

10

Static

static

5

aab4a8d5f6...cs.exe

windows7-x64

10

aab4a8d5f6...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aab4a8d5f65478a5d2a98f57765b25a1c02684c6cb5bf50ccedce2c82baa9174_NeikiAnalytics.exe

  • Size

    903KB

  • Sample

    240629-n8m6pazfkr

  • MD5

    4adbd0e3484084fcbc29007064ba87d0

  • SHA1

    15357db7098859b34edd8e6399fcdb15130d98da

  • SHA256

    aab4a8d5f65478a5d2a98f57765b25a1c02684c6cb5bf50ccedce2c82baa9174

  • SHA512

    7631a62e720b32285ceb10135acf9d113941824de01f17f0b204b67bb3452df6b3a3c32715acfc540fdc6dacf25d9aa5c2b71eca6bc19274ba0e3ecf1dbb10b0

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5z:gh+ZkldoPK8YaKGz

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      aab4a8d5f65478a5d2a98f57765b25a1c02684c6cb5bf50ccedce2c82baa9174_NeikiAnalytics.exe

    • Size

      903KB

    • MD5

      4adbd0e3484084fcbc29007064ba87d0

    • SHA1

      15357db7098859b34edd8e6399fcdb15130d98da

    • SHA256

      aab4a8d5f65478a5d2a98f57765b25a1c02684c6cb5bf50ccedce2c82baa9174

    • SHA512

      7631a62e720b32285ceb10135acf9d113941824de01f17f0b204b67bb3452df6b3a3c32715acfc540fdc6dacf25d9aa5c2b71eca6bc19274ba0e3ecf1dbb10b0

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5z:gh+ZkldoPK8YaKGz

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks