revengerat | aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995 | Triage

Sharing

General

Target

aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995
Size

4.3MB
Sample

220511-cyqnaagchk
MD5

34fd6dbb11b1cbf0d235612d6747678e
SHA1

517cf5249f6245075e1d911a3b539114beb50f71
SHA256

aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995
SHA512

6e5f0a914f43cf32445e70e01bae4840b2ccb17424b99be83dea39b1649951b2e7854de63d68f6ad16b9668d8e83b0d5f8f05d1769b3327349aa8b18c0dc3918

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

185.81.157.41:5055

Mutex

73845dcfccd2

Targets

- Target
  
  aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995
- Size
  
  4.3MB
- MD5
  
  34fd6dbb11b1cbf0d235612d6747678e
- SHA1
  
  517cf5249f6245075e1d911a3b539114beb50f71
- SHA256
  
  aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995
- SHA512
  
  6e5f0a914f43cf32445e70e01bae4840b2ccb17424b99be83dea39b1649951b2e7854de63d68f6ad16b9668d8e83b0d5f8f05d1769b3327349aa8b18c0dc3918
Score

10^/10

revengerat nyancatrevenge trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

revengeratnyancatrevengetrojan