revengerat | c7a3ba7def259f78303757d1fabe9767612d0e6f11ca55f0f5b396eec82aed3e | Triage

Sharing

General

Target

waybill.js
Size

217KB
Sample

220108-jjpk1acgh8
MD5

b8d709b17bcfaf488a6277334d5bad2f
SHA1

3dbebe928807dd6f9c8c828611b3a42ea598e081
SHA256

c7a3ba7def259f78303757d1fabe9767612d0e6f11ca55f0f5b396eec82aed3e
SHA512

72b63c45983c877a5c036302a41caaee7e0df063d2d07e6d7f2cfc0ef84eb1d29074ffa9b76f5ea8094078121a674465cd9ffb74110ea4b0fa4a222e6af59104

Score

10^/10

revengerat vjw0rm nyancatrevenge persistence trojan worm

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

macjoe597.duia.ro:3175

Mutex

1e858dc786914c61

Targets

- Target
  
  waybill.js
- Size
  
  217KB
- MD5
  
  b8d709b17bcfaf488a6277334d5bad2f
- SHA1
  
  3dbebe928807dd6f9c8c828611b3a42ea598e081
- SHA256
  
  c7a3ba7def259f78303757d1fabe9767612d0e6f11ca55f0f5b396eec82aed3e
- SHA512
  
  72b63c45983c877a5c036302a41caaee7e0df063d2d07e6d7f2cfc0ef84eb1d29074ffa9b76f5ea8094078121a674465cd9ffb74110ea4b0fa4a222e6af59104
Score

10^/10

revengerat vjw0rm nyancatrevenge persistence trojan worm
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratvjw0rmnyancatrevengepersistencetrojanworm

behavioral2

revengeratvjw0rmnyancatrevengepersistencetrojanworm