General

  • Target

    3b72fd533bb38633959f0ca2f60774a60b302b3d3455709608b087e30307b773

  • Size

    74KB

  • Sample

    220502-rkcxlaghel

  • MD5

    93d98128d44836c7b02c072ad97909b5

  • SHA1

    2ff18c31d28022b6f4bab69e82a130c03fbdc32c

  • SHA256

    3b72fd533bb38633959f0ca2f60774a60b302b3d3455709608b087e30307b773

  • SHA512

    963fa94059e9937195225574d7917937a2313705b7dd9625e9f1045379ba65e0525d27a8835073e608782db16d0c99072513e13978e9c943922fee3298dae0ca

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    NyanCatRevenge

  • C2

    travazap2.duckdns.org:2021

  • Mutex

    3ddc53446da

Targets

    • Target

      3b72fd533bb38633959f0ca2f60774a60b302b3d3455709608b087e30307b773

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Drops startup file

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks