General

  • Target

    reserva....exe

  • Size

    3.9MB

  • Sample

    230922-jxn7dsgf79

  • MD5

    3403cb537d8e1e6257068d3189705050

  • SHA1

    32a53dc15f1ccfc22daa3951df456264818c008a

  • SHA256

    1e2ae6c3bc1dce5dc5d968f23da8fec92f2625a6014ca18e3989ad9a33f419d5

  • SHA512

    a4c206374b4d4750968a0120ac1d460615b1d8c67561282e8dce479b502cda0f2d45953bd750f757878f6c188f3473637d21a897c078d8a497de0823345e076a

  • SSDEEP

    98304:OtrbTA1XcptoXinXh6B8WXhT7rQUdUi2p2xIqjsdSympntS:wc1XOtnnXRah84h4qpptS

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

marcelotatuape.ddns.net:333

Mutex

2180459765

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15