Overview

overview

10

Static

static

5

17d8c90e52...cs.exe

windows7-x64

10

17d8c90e52...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17d8c90e52a2ce84a4d178778e3548c1b0b3ed751b0e755d13b31c72524002a0_NeikiAnalytics.exe

  • Size

    904KB

  • Sample

    240701-3jjjjaxale

  • MD5

    9c308ff55c3bf409e55b91408ac17590

  • SHA1

    9ce2f3f6fea731af3d8938daea051d62142ad755

  • SHA256

    17d8c90e52a2ce84a4d178778e3548c1b0b3ed751b0e755d13b31c72524002a0

  • SHA512

    88091949de9d92f1d2ffea5f2bbac8d0c13c42e3af814da2f02d56e88d8daefb57c8def3681eedaa37daee2d73c27fbe08ccb20c5b55d0137b2fa5e6c6c37e9c

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5o:gh+ZkldoPK8YaKGo

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      17d8c90e52a2ce84a4d178778e3548c1b0b3ed751b0e755d13b31c72524002a0_NeikiAnalytics.exe

    • Size

      904KB

    • MD5

      9c308ff55c3bf409e55b91408ac17590

    • SHA1

      9ce2f3f6fea731af3d8938daea051d62142ad755

    • SHA256

      17d8c90e52a2ce84a4d178778e3548c1b0b3ed751b0e755d13b31c72524002a0

    • SHA512

      88091949de9d92f1d2ffea5f2bbac8d0c13c42e3af814da2f02d56e88d8daefb57c8def3681eedaa37daee2d73c27fbe08ccb20c5b55d0137b2fa5e6c6c37e9c

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5o:gh+ZkldoPK8YaKGo

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks