revengerat | a329cfce33b6cadbac42ef31b7d894a4349173075fe6f216965dba2e69ee625b | Triage

Sharing

General

Target

Ativador Key Authy .vbs
Size

307KB
Sample

230405-qad68seg93
MD5

e7585212ec8add6edfa1b18d5cd1a0fb
SHA1

1c20255b64c1677194c989159cf2225597bfd606
SHA256

a329cfce33b6cadbac42ef31b7d894a4349173075fe6f216965dba2e69ee625b
SHA512

a5b25cb8f4f7114b336a216288bb617a2ab6d032c7974848ab746e486716f30bafc8fb22b43c462061809deb9dfedfd7c819b689fc58b38a27b4e6dd1c92e71a
SSDEEP

768:gpfzNfPBedPiGe6wb0pCwXUS6s4g6zcaEe16DbcjDc84n+0Mo:EfzVPBedPk6a0pCQ4xEsofvMo

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

b2b.ddns.com.br:5222

Mutex

d9261ef3301b4b86a95

Targets

- Target
  
  Ativador Key Authy .vbs
- Size
  
  307KB
- MD5
  
  e7585212ec8add6edfa1b18d5cd1a0fb
- SHA1
  
  1c20255b64c1677194c989159cf2225597bfd606
- SHA256
  
  a329cfce33b6cadbac42ef31b7d894a4349173075fe6f216965dba2e69ee625b
- SHA512
  
  a5b25cb8f4f7114b336a216288bb617a2ab6d032c7974848ab746e486716f30bafc8fb22b43c462061809deb9dfedfd7c819b689fc58b38a27b4e6dd1c92e71a
- SSDEEP
  
  768:gpfzNfPBedPiGe6wb0pCwXUS6s4g6zcaEe16DbcjDc84n+0Mo:EfzVPBedPk6a0pCQ4xEsofvMo
Score

10^/10

revengerat nyancatrevenge trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

revengeratnyancatrevengetrojan