General
-
Target
4bdcdf249e683afc73f376dd32c87bb3151deb7acd9a961f3c09cc7dfc6b7e53_NeikiAnalytics.exe
-
Size
951KB
-
Sample
240702-q68qqavfld
-
MD5
30d6cb3af8a356aec2db3908599782d0
-
SHA1
81387f0b578d9fbdc64b9c30be89ef688217f0f1
-
SHA256
4bdcdf249e683afc73f376dd32c87bb3151deb7acd9a961f3c09cc7dfc6b7e53
-
SHA512
4954dd0eb937eaf7e76e84a75a759b6430668059995fb6ce694c7cb2b557ad8ef71fd45cf63d7b1595fa6aae49930144b471168924b47c2f0c6da5f9afdceb7c
-
SSDEEP
24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5z:Rh+ZkldDPK8YaKjz
Malware Config
Extracted
revengerat
Marzo26
marzorevenger.duckdns.org:4230
RV_MUTEX-PiGGjjtnxDpn
Targets
-
-
Target
4bdcdf249e683afc73f376dd32c87bb3151deb7acd9a961f3c09cc7dfc6b7e53_NeikiAnalytics.exe
-
Size
951KB
-
MD5
30d6cb3af8a356aec2db3908599782d0
-
SHA1
81387f0b578d9fbdc64b9c30be89ef688217f0f1
-
SHA256
4bdcdf249e683afc73f376dd32c87bb3151deb7acd9a961f3c09cc7dfc6b7e53
-
SHA512
4954dd0eb937eaf7e76e84a75a759b6430668059995fb6ce694c7cb2b557ad8ef71fd45cf63d7b1595fa6aae49930144b471168924b47c2f0c6da5f9afdceb7c
-
SSDEEP
24576:2AHnh+eWsN3skA4RV1HDm2KXMmHaKZT5z:Rh+ZkldDPK8YaKjz
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Drops startup file
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-