revengerat | 117c5cf0e27bf23b55685767432ab6d2819a52c91423ed0eb74c221d96b6ce98 | Triage

Sharing

General

Target

receipt_ups.js
Size

217KB
Sample

220108-jjpk1adcdl
MD5

3cf58910eb5201dac3201d875f399c31
SHA1

6ececbecf3d424663818288c69882037ab261347
SHA256

117c5cf0e27bf23b55685767432ab6d2819a52c91423ed0eb74c221d96b6ce98
SHA512

98ceeabb6b4227eb0d694cce02e58700dd24375985e4e4ab728039aeb8080fa44dee8c2cdec4eb651eb582a5b422add91dd635157fbe011dbfa7ec911209929a

Score

10^/10

revengerat vjw0rm nyancatrevenge persistence trojan worm

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

macjoe597.duia.ro:3175

Mutex

1e858dc786914c61

Extracted

Family

vjw0rm

C2

http://zeegod.duckdns.org:9998

Targets

- Target
  
  receipt_ups.js
- Size
  
  217KB
- MD5
  
  3cf58910eb5201dac3201d875f399c31
- SHA1
  
  6ececbecf3d424663818288c69882037ab261347
- SHA256
  
  117c5cf0e27bf23b55685767432ab6d2819a52c91423ed0eb74c221d96b6ce98
- SHA512
  
  98ceeabb6b4227eb0d694cce02e58700dd24375985e4e4ab728039aeb8080fa44dee8c2cdec4eb651eb582a5b422add91dd635157fbe011dbfa7ec911209929a
Score

10^/10

revengerat vjw0rm nyancatrevenge persistence trojan worm
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratvjw0rmnyancatrevengepersistencetrojanworm

behavioral2

revengeratvjw0rmnyancatrevengepersistencetrojanworm