Overview

overview

10

Static

static

5

3ff75f8076...cs.exe

windows7-x64

10

3ff75f8076...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3ff75f8076e534e38af7c3d142063c4a0a637444e1e4726404f700440790d4dd_NeikiAnalytics.exe

  • Size

    904KB

  • Sample

    240702-g4rvrazene

  • MD5

    9628d42a0ab167a53a4cacc14d5a2590

  • SHA1

    d763751f3d5c720d170624aacc6b981449095199

  • SHA256

    3ff75f8076e534e38af7c3d142063c4a0a637444e1e4726404f700440790d4dd

  • SHA512

    f1d3af96683ddf1dc7ceaac937f817d5307e1f6f9972c17842ab8e026102a742e1a6f589f66ff3842509777bfd0521f7d1ae3df8912ff1871fd12ff9755bee04

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5t:gh+ZkldoPK8YaKGt

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      3ff75f8076e534e38af7c3d142063c4a0a637444e1e4726404f700440790d4dd_NeikiAnalytics.exe

    • Size

      904KB

    • MD5

      9628d42a0ab167a53a4cacc14d5a2590

    • SHA1

      d763751f3d5c720d170624aacc6b981449095199

    • SHA256

      3ff75f8076e534e38af7c3d142063c4a0a637444e1e4726404f700440790d4dd

    • SHA512

      f1d3af96683ddf1dc7ceaac937f817d5307e1f6f9972c17842ab8e026102a742e1a6f589f66ff3842509777bfd0521f7d1ae3df8912ff1871fd12ff9755bee04

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5t:gh+ZkldoPK8YaKGt

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks