revengerat | 8dc29da6ce87bf7d127272d5764244d42382cc5c9e53af86dbe82792cffa8b32 | Triage

Sharing

General

Target

5cf16aa21c6757f09238693e35229f4e.bin
Size

545B
Sample

240302-bqeqdagd89
MD5

e457baa6f7c131b3e62e816af3d04ea5
SHA1

4c9be169ac56950beb0f11515d535744ebd1100d
SHA256

8dc29da6ce87bf7d127272d5764244d42382cc5c9e53af86dbe82792cffa8b32
SHA512

f9658deaf51b14bb369a87ad5aef7e06c3dc4c26b3cbd5e33a572bd1cc2cdc29ab7e340afd476d4be85d81d78dfc404bd18a49e4be2008ecabcd71809b9508ff

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

brasil.ddns.com.br:333

Mutex

33c61550ada3497

Targets

- Target
  
  6e6c1a2d164e6bb18f8847054bd9417f17650c2f2bbf1ef575800927fb03b9f3.vbs
- Size
  
  650B
- MD5
  
  5cf16aa21c6757f09238693e35229f4e
- SHA1
  
  f07993d1ffab08970971b6ff3b0b2162fc2367cb
- SHA256
  
  6e6c1a2d164e6bb18f8847054bd9417f17650c2f2bbf1ef575800927fb03b9f3
- SHA512
  
  2f92cc5fc41fa0aeeb7c15adeea6b82edaa249ed2d97401f140471de0de4fa1005a7c83ff49db154453dedea7a926b6030c47e36766c62af7b0eb83cde676426
Score

10^/10

revengerat nyancatrevenge trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan