Overview

overview

10

Static

static

5

b3a92326b6...cs.exe

windows7-x64

10

b3a92326b6...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b3a92326b69ab411eedd3fb7e03a54cda73ad19ff5381df3182d38f5246228bd_NeikiAnalytics.exe

  • Size

    904KB

  • Sample

    240629-t9jgsa1fjf

  • MD5

    85c0faa3c8ec1d963436539c5660cde0

  • SHA1

    ed31d24e91cf8cb3c2637e85ec756977e139dc53

  • SHA256

    b3a92326b69ab411eedd3fb7e03a54cda73ad19ff5381df3182d38f5246228bd

  • SHA512

    4517def3de8d7f827118b3fa8aa2e0069514d709939250f36f4dcbce9afd0d3f4b4bb561e6c4b62c4a9b712c2898ef34268136c2122460c5218dd42541613024

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5E:gh+ZkldoPK8YaKGE

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      b3a92326b69ab411eedd3fb7e03a54cda73ad19ff5381df3182d38f5246228bd_NeikiAnalytics.exe

    • Size

      904KB

    • MD5

      85c0faa3c8ec1d963436539c5660cde0

    • SHA1

      ed31d24e91cf8cb3c2637e85ec756977e139dc53

    • SHA256

      b3a92326b69ab411eedd3fb7e03a54cda73ad19ff5381df3182d38f5246228bd

    • SHA512

      4517def3de8d7f827118b3fa8aa2e0069514d709939250f36f4dcbce9afd0d3f4b4bb561e6c4b62c4a9b712c2898ef34268136c2122460c5218dd42541613024

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5E:gh+ZkldoPK8YaKGE

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks