General

  • Target

    633a7a8aedf8627097b29d0e707c59af.exe

  • Size

    4.0MB

  • Sample

    230301-pv7hvafg2x

  • MD5

    633a7a8aedf8627097b29d0e707c59af

  • SHA1

    f36662cce42d02ed690fbc8e71f4cefc17474200

  • SHA256

    326faaed1dd1881b1ae5af3ccea65ab894f4d7aaff2770c52c3175a29ab43abf

  • SHA512

    17033c6eb42190020320cda1a092eb528186bfc1ba7ac4bce30300732b839de9371e843f67404d8e23c74fab95abc20365ade575b30daf3eede1f93b1b24a568

  • SSDEEP

    98304:7trbTA1FZZAG/HW4A5vodMJ5thwVX9Gx5VeqC6BIN4ts7BUGI1jF:hc1Fzf/HxOQMthPgtCIBUGI1B

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    NyanCatRevenge

  • C2

    marcelotatuape.ddns.net:333

  • Mutex

    c12ead04c4f046028

Targets

    • Target

      633a7a8aedf8627097b29d0e707c59af.exe

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2
