Overview

overview

10

Static

static

5

468b530e73...cs.exe

windows7-x64

10

468b530e73...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    468b530e7313cfbf926e8a0024cd9513ccd08dfff17947b9a6b652855d9049e6_NeikiAnalytics.exe

  • Size

    904KB

  • Sample

    240702-m4e4vayhna

  • MD5

    17d48e36164873ab1d1eb433f64f71c0

  • SHA1

    b59942fdb85cbce6756a83b0bef769998d998e7d

  • SHA256

    468b530e7313cfbf926e8a0024cd9513ccd08dfff17947b9a6b652855d9049e6

  • SHA512

    e3812416518ac63c4df8aa630ee1021e159c9d43ca0a962e754882a9bbf4e78b9a9c4556ae471f248570fa0d6344fcc5776ccd6f3bd52dab41c5e70ff57a83fb

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5Y:gh+ZkldoPK8YaKGY

Score
10/10
revengeratmarzo26trojan

Malware Config

Extracted

Family

revengerat

Botnet

Marzo26

C2

marzorevenger.duckdns.org:4230

Mutex

RV_MUTEX-PiGGjjtnxDpn

Targets

    • Target

      468b530e7313cfbf926e8a0024cd9513ccd08dfff17947b9a6b652855d9049e6_NeikiAnalytics.exe

    • Size

      904KB

    • MD5

      17d48e36164873ab1d1eb433f64f71c0

    • SHA1

      b59942fdb85cbce6756a83b0bef769998d998e7d

    • SHA256

      468b530e7313cfbf926e8a0024cd9513ccd08dfff17947b9a6b652855d9049e6

    • SHA512

      e3812416518ac63c4df8aa630ee1021e159c9d43ca0a962e754882a9bbf4e78b9a9c4556ae471f248570fa0d6344fcc5776ccd6f3bd52dab41c5e70ff57a83fb

    • SSDEEP

      24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5Y:gh+ZkldoPK8YaKGY

    Score
    10/10
    revengeratmarzo26trojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks