Overview

overview

10

Static

static

1

6e6c1a2d16...f3.vbs

windows7-x64

10

6e6c1a2d16...f3.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e6c1a2d164e6bb18f8847054bd9417f17650c2f2bbf1ef575800927fb03b9f3.vbs

  • Size

    650B

  • Sample

    240301-fvheaadd8v

  • MD5

    5cf16aa21c6757f09238693e35229f4e

  • SHA1

    f07993d1ffab08970971b6ff3b0b2162fc2367cb

  • SHA256

    6e6c1a2d164e6bb18f8847054bd9417f17650c2f2bbf1ef575800927fb03b9f3

  • SHA512

    2f92cc5fc41fa0aeeb7c15adeea6b82edaa249ed2d97401f140471de0de4fa1005a7c83ff49db154453dedea7a926b6030c47e36766c62af7b0eb83cde676426

Score
10/10
revengeratnyancatrevengetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

brasil.ddns.com.br:333

Mutex

33c61550ada3497

Targets

    • Target

      6e6c1a2d164e6bb18f8847054bd9417f17650c2f2bbf1ef575800927fb03b9f3.vbs

    • Size

      650B

    • MD5

      5cf16aa21c6757f09238693e35229f4e

    • SHA1

      f07993d1ffab08970971b6ff3b0b2162fc2367cb

    • SHA256

      6e6c1a2d164e6bb18f8847054bd9417f17650c2f2bbf1ef575800927fb03b9f3

    • SHA512

      2f92cc5fc41fa0aeeb7c15adeea6b82edaa249ed2d97401f140471de0de4fa1005a7c83ff49db154453dedea7a926b6030c47e36766c62af7b0eb83cde676426

    Score
    10/10
    revengeratnyancatrevengetrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks