General
-
Target
54d4cd535c5555a2e1292817639001549782a097d8f1ec2a734ea00f57e2d780
-
Size
3.8MB
-
Sample
230612-3jfgwaeg3s
-
MD5
1a9f0f4fda6bf900cda1ce355c8c5e01
-
SHA1
89e2776773f843473c0e284324fa5ef7a96a5539
-
SHA256
54d4cd535c5555a2e1292817639001549782a097d8f1ec2a734ea00f57e2d780
-
SHA512
975e2dab507623814bc8f6af9ecfce9ad29a764e063616cefe5da263ed33ceedc5a18da18768b4f71cdf46ccd497584fe68432e0bec4e496de593c31d801b080
-
SSDEEP
98304:7trbTA1RptoXinXh6B8WXhT7rQUdUi2p2xIqjsdSyVOLPTiU:hc1btnnXRah84h4qEOniU
Malware Config
Extracted
revengerat
NyanCatRevenge
marcelotatuape.ddns.net:333
188246aaba1
Targets
-
-
Target
54d4cd535c5555a2e1292817639001549782a097d8f1ec2a734ea00f57e2d780
-
Size
3.8MB
-
MD5
1a9f0f4fda6bf900cda1ce355c8c5e01
-
SHA1
89e2776773f843473c0e284324fa5ef7a96a5539
-
SHA256
54d4cd535c5555a2e1292817639001549782a097d8f1ec2a734ea00f57e2d780
-
SHA512
975e2dab507623814bc8f6af9ecfce9ad29a764e063616cefe5da263ed33ceedc5a18da18768b4f71cdf46ccd497584fe68432e0bec4e496de593c31d801b080
-
SSDEEP
98304:7trbTA1RptoXinXh6B8WXhT7rQUdUi2p2xIqjsdSyVOLPTiU:hc1btnnXRah84h4qEOniU
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-