revengerat | d0eacc86ba243aa25112dfdbe4c11b1bc7e90a50921e2dccaefa65e626484a1c | Triage

Sharing

General

Target

d0eacc86ba243aa25112dfdbe4c11b1bc7e90a50921e2dccaefa65e626484a1c
Size

160KB
Sample

220219-kzeleabbem
MD5

2f4b0aaefc5a69aad3be2795c45e97d7
SHA1

b40b2a3afad0f04934e3892a23fa320fbbe85ec5
SHA256

d0eacc86ba243aa25112dfdbe4c11b1bc7e90a50921e2dccaefa65e626484a1c
SHA512

4e5113ad23bc3a1242f47d9d03a319bd921e3016a8527637aabbb390045f7559609cd478dad8500745a457636360822de5d9f51f2a11e6a13ed76b44d8ad3b8a

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

h0pe1759.ddns.net:6943

Mutex

128f3f5311064da68d3

Targets

- Target
  
  d0eacc86ba243aa25112dfdbe4c11b1bc7e90a50921e2dccaefa65e626484a1c
- Size
  
  160KB
- MD5
  
  2f4b0aaefc5a69aad3be2795c45e97d7
- SHA1
  
  b40b2a3afad0f04934e3892a23fa320fbbe85ec5
- SHA256
  
  d0eacc86ba243aa25112dfdbe4c11b1bc7e90a50921e2dccaefa65e626484a1c
- SHA512
  
  4e5113ad23bc3a1242f47d9d03a319bd921e3016a8527637aabbb390045f7559609cd478dad8500745a457636360822de5d9f51f2a11e6a13ed76b44d8ad3b8a
Score

10^/10

revengerat nyancatrevenge trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

revengeratnyancatrevengetrojan