Overview

overview

10

Static

static

1

REVENGER.jpg.ps1

windows7-x64

10

REVENGER.jpg.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    REVENGER.jpg.ps1

  • Size

    801KB

  • Sample

    240719-pjezfs1bnm

  • MD5

    f4935e63eaedf1f0392d19e27a9b8d0c

  • SHA1

    8c4c053689ff800fc06225f3958b0cb3aece902a

  • SHA256

    f30b759f79a6be1fd1dcb3536d412eb81e187700153522776f70a9c4e8ff3b45

  • SHA512

    7add6d57d8d70703178892a28d183ff88528d26f17c7438ec9e427cff55ed797a6b2dc909278d5cfea52321d2b9adc2b775b3673e031c2704ff5c3ba41eba0d6

  • SSDEEP

    12288:OZmTk3LmZmTk3Lv2RDsUU1Vq2RDsUU1VV2RDsUU1V2:OZmTAKZmTAr25gq25gV25g2

Score
10/10
revengeratnyancatrevengeexecutiontrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

lua.ddns.com.br:5222

Mutex

101f19215cac

Targets

    • Target

      REVENGER.jpg.ps1

    • Size

      801KB

    • MD5

      f4935e63eaedf1f0392d19e27a9b8d0c

    • SHA1

      8c4c053689ff800fc06225f3958b0cb3aece902a

    • SHA256

      f30b759f79a6be1fd1dcb3536d412eb81e187700153522776f70a9c4e8ff3b45

    • SHA512

      7add6d57d8d70703178892a28d183ff88528d26f17c7438ec9e427cff55ed797a6b2dc909278d5cfea52321d2b9adc2b775b3673e031c2704ff5c3ba41eba0d6

    • SSDEEP

      12288:OZmTk3LmZmTk3Lv2RDsUU1Vq2RDsUU1VV2RDsUU1V2:OZmTAKZmTAr25gq25gV25g2

    Score
    10/10
    revengeratnyancatrevengeexecutiontrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks