revengerat | 6a73361430e34020149356188f953f8910380c14f7c27c32a29892d049c7db22 | Triage

Sharing

General

Target

XFlejNFoyONPrRKTeOGM-Comrpovante de pix 14092.js
Size

119KB
Sample

240914-y7txysthkm
MD5

5f05f5c7e4e19da45e124065d6f5fd1e
SHA1

12be89e5beb8ad794235f16bf29dc36a56d012af
SHA256

6a73361430e34020149356188f953f8910380c14f7c27c32a29892d049c7db22
SHA512

2776bd209d50a93a17077c958f31378c1972b054e6aa42a398fc1a9a1f5c69bd8b79d04fd46a07b1b65996c2b6bf6c3032c95e09009655532e62e6540403d5a6
SSDEEP

1536:0+fUYZPT8sYJHkWF5qBKoy1XtczvzYFNW+Nn:nfLasWHtuY1XtcbsFNW+Nn

Score

10^/10

revengerat nyancatrevenge execution trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.231.150.177:5222

Mutex

282ac7d305

Targets

- Target
  
  XFlejNFoyONPrRKTeOGM-Comrpovante de pix 14092.js
- Size
  
  119KB
- MD5
  
  5f05f5c7e4e19da45e124065d6f5fd1e
- SHA1
  
  12be89e5beb8ad794235f16bf29dc36a56d012af
- SHA256
  
  6a73361430e34020149356188f953f8910380c14f7c27c32a29892d049c7db22
- SHA512
  
  2776bd209d50a93a17077c958f31378c1972b054e6aa42a398fc1a9a1f5c69bd8b79d04fd46a07b1b65996c2b6bf6c3032c95e09009655532e62e6540403d5a6
- SSDEEP
  
  1536:0+fUYZPT8sYJHkWF5qBKoy1XtczvzYFNW+Nn:nfLasWHtuY1XtcbsFNW+Nn
Score

10^/10

revengerat nyancatrevenge execution trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengeexecutiontrojan

behavioral2

revengeratnyancatrevengeexecutiontrojan