Overview

overview

10

Static

static

aff15f407c...95.exe

windows7_x64

8

aff15f407c...95.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995

  • Size

    4.3MB

  • Sample

    220511-cyqnaagchk

  • MD5

    34fd6dbb11b1cbf0d235612d6747678e

  • SHA1

    517cf5249f6245075e1d911a3b539114beb50f71

  • SHA256

    aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995

  • SHA512

    6e5f0a914f43cf32445e70e01bae4840b2ccb17424b99be83dea39b1649951b2e7854de63d68f6ad16b9668d8e83b0d5f8f05d1769b3327349aa8b18c0dc3918

Score
10/10
revengeratnyancatrevengetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

185.81.157.41:5055

Mutex

73845dcfccd2

Targets

    • Target

      aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995

    • Size

      4.3MB

    • MD5

      34fd6dbb11b1cbf0d235612d6747678e

    • SHA1

      517cf5249f6245075e1d911a3b539114beb50f71

    • SHA256

      aff15f407cb77bbe07961830f4e94f8dab637ee9f02aaba76c2e4941f0d43995

    • SHA512

      6e5f0a914f43cf32445e70e01bae4840b2ccb17424b99be83dea39b1649951b2e7854de63d68f6ad16b9668d8e83b0d5f8f05d1769b3327349aa8b18c0dc3918

    Score
    10/10
    revengeratnyancatrevengetrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks