General

  • Target: WinRAR.bin.exe
  • Size: 3.2MB
  • Sample: 230922-jx9s4aeg4z
  • MD5: c269bc5e2c6c1767fa47ba3c983a6513
  • SHA1: d6baf7106e6579babb8262abcffdf635fc9d6d23
  • SHA256: a71916846ff796a16a2305782a656adbc4b21be2343773c8832ae73d2a7a9e6f
  • SHA512: 0fc254b52d2dbd640d05d92cba14c3f5f72ba911d6567d53f0c7bd0aac3178f2e013121efb94e81c158ad0cd51bfd50b84ef887001b4aaccdc82d72007bab9c7
  • SSDEEP: 98304:qviz/27qWGq/TzuqCDl2Ptao7js4F5FNZ:qviq75/TzufF45NZ

Malware Config

Extracted

  • Family: revengerat
  • Botnet: NyanCatRevenge
  • C2: marcelotatuape.ddns.net:333
  • Mutex: 2180459765

Targets

    • Target: WinRAR.bin.exe

    • RevengeRAT: Remote-access trojan with a wide range of capabilities.
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks