General

  • Target

    3c52a00b34d9fb60da430ceb42e3264a42e5b23a14cc5866a53975e1ef9255ab_NeikiAnalytics.exe

  • Size

    951KB

  • Sample

    240701-ha51ys1gpj

  • MD5

    ae2d6a04ae84334f0d951306a7e45030

  • SHA1

    03f4eb41318c0a98e5d84b49c687f3e49b3f39d6

  • SHA256

    3c52a00b34d9fb60da430ceb42e3264a42e5b23a14cc5866a53975e1ef9255ab

  • SHA512

    49d9d77252e87d632651e33b68904fc63cb0df1d54c3133e99f9ff49a9fbfa9d1d85c582f54163fbd5e5ee5ed145095e2db535e623d7b04679b635dcd727ed31

  • SSDEEP

    24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5P:Rh+ZkldDPK8YaKjP

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      3c52a00b34d9fb60da430ceb42e3264a42e5b23a14cc5866a53975e1ef9255ab_NeikiAnalytics.exe

    • Size

      951KB

    • MD5

      ae2d6a04ae84334f0d951306a7e45030

    • SHA1

      03f4eb41318c0a98e5d84b49c687f3e49b3f39d6

    • SHA256

      3c52a00b34d9fb60da430ceb42e3264a42e5b23a14cc5866a53975e1ef9255ab

    • SHA512

      49d9d77252e87d632651e33b68904fc63cb0df1d54c3133e99f9ff49a9fbfa9d1d85c582f54163fbd5e5ee5ed145095e2db535e623d7b04679b635dcd727ed31

    • SSDEEP

      24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5P:Rh+ZkldDPK8YaKjP

    • RevengeRAT

      .NET remote-access trojan with a wide range of capabilities (remote shell, file transfer, keylogging, screen capture). The extracted config above gives this build's botnet/campaign name (Marzo26), its C2 endpoint and its mutex.

    • Drops startup file

      Writes a file into a Startup folder so the payload is relaunched at logon (persistence).

    • AutoIT Executable

      AutoIT scripts compiled to PE executables; a common wrapper for loaders, since the script runs inside the AutoIt interpreter stub.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the pattern seen in process hollowing, where a loader writes its payload into a suspended process and redirects the thread's entry point before resuming it.
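
As an added example (not part of the sandbox report), the script below turns the indicators on this page into a small matcher: it compares file hashes against the report's MD5/SHA1/SHA256, checks DNS and connection events against the extracted C2 `marzorevenger.duckdns.org:4230`, and checks mutex names against `RV_MUTEX-PiGGjjtnxDpn`. The `RV_MUTEX-` prefix match is an assumption that other RevengeRAT builds use the same prefix with a different suffix, as this sample's mutex suggests; the telemetry events and the event field names are constructed for the example.

```python
"""IOC matcher built from the RevengeRAT report above (added example)."""
import hashlib
import re

# Indicators copied from the report: file hashes, extracted C2 and mutex.
IOC_HASHES = {
    "md5": "ae2d6a04ae84334f0d951306a7e45030",
    "sha1": "03f4eb41318c0a98e5d84b49c687f3e49b3f39d6",
    "sha256": "3c52a00b34d9fb60da430ceb42e3264a42e5b23a14cc5866a53975e1ef9255ab",
}
IOC_C2_HOST = "marzorevenger.duckdns.org"
IOC_C2_PORT = 4230
IOC_MUTEX = "RV_MUTEX-PiGGjjtnxDpn"
# Assumption: other RevengeRAT builds keep the "RV_MUTEX-" prefix and only
# change the suffix, so a prefix match flags sibling builds of the same family.
RV_MUTEX_RE = re.compile(r"^RV_MUTEX-[A-Za-z0-9]+$")


def hash_bytes(data: bytes) -> dict:
    """Hash file contents with the same algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hashes_match(observed: dict) -> list:
    """Return the algorithms whose observed digest equals the report's value."""
    return [
        algo for algo, digest in IOC_HASHES.items()
        if observed.get(algo, "").lower() == digest
    ]


def scan_events(events):
    """Check telemetry events against the IOCs.

    Each event is a dict with a "type" of dns, netconn, mutex or file
    (constructed schema). Returns (event_index, reason) pairs for every hit.
    """
    hits = []
    for i, ev in enumerate(events):
        kind = ev.get("type")
        if kind == "dns":
            # Log sources differ in case and trailing dot; normalise before comparing.
            if ev.get("query", "").lower().rstrip(".") == IOC_C2_HOST:
                hits.append((i, "dns query for C2 host"))
        elif kind == "netconn":
            host = ev.get("dst_host", "").lower().rstrip(".")
            if host == IOC_C2_HOST and int(ev.get("dst_port", 0)) == IOC_C2_PORT:
                hits.append((i, "connection to C2 host:port"))
            elif host == IOC_C2_HOST:
                # Same DuckDNS name on another port still deserves a look.
                hits.append((i, "connection to C2 host on unexpected port"))
        elif kind == "mutex":
            name = ev.get("name", "")
            if name == IOC_MUTEX:
                hits.append((i, "exact RevengeRAT mutex"))
            elif RV_MUTEX_RE.match(name):
                hits.append((i, "RevengeRAT-style mutex (other build)"))
        elif kind == "file":
            algos = hashes_match(ev.get("hashes", {}))
            if algos:
                hits.append((i, "file hash match: " + ",".join(algos)))
    return hits


# Constructed telemetry for demonstration; not taken from the report.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "MarzoRevenger.duckdns.org."},
    {"type": "netconn", "dst_host": "marzorevenger.duckdns.org", "dst_port": 4230},
    {"type": "mutex", "name": "RV_MUTEX-PiGGjjtnxDpn"},
    {"type": "mutex", "name": "RV_MUTEX-AbCdEf123"},
    {"type": "file", "hashes": {"sha256": IOC_HASHES["sha256"].upper()}},
    {"type": "dns", "query": "update.microsoft.com"},
    {"type": "mutex", "name": "Global\\SomeBenignMutex"},
]

if __name__ == "__main__":
    for idx, reason in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {reason} -> {SAMPLE_EVENTS[idx]}")
```

Match on the DuckDNS name rather than a resolved IP: dynamic-DNS C2 hosts change address freely, and the name is the indicator the config actually carries. Hashes only identify this exact build, so the mutex and C2 checks are what catch repacked samples from the same campaign.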

MITRE ATT&CK Matrix

Tasks