revengerat | 0a664b57f25343dd507e8feb971aadbb4d50bbc2e6e2e6346fbb2e74aede8e44 | Triage

Sharing

General

Target

5f05f5c7e4e19da45e124065d6f5fd1e.bin
Size

22KB
Sample

240916-bg4cda1end
MD5

e23a92eedda9e31ad8c7c627fe36bad3
SHA1

35cc48067a1a455facf19d755d8fd926ed73f7e8
SHA256

0a664b57f25343dd507e8feb971aadbb4d50bbc2e6e2e6346fbb2e74aede8e44
SHA512

1e56faf30a30255875561881d8d05476f9c9e1444d53bdfa581b5be2e60830ec000ab5a2944931bc0998dc3dfa2f318cf8cbd4642ba3205530b2ad4c596d5486
SSDEEP

384:XtowfmR82VeyDW0xCzYPr46FcMgqqgeTyxvcMyWtg6H0IlvAOQMyEtmLsg6rJRyG:XawfmR82VlDWGC0M6KXhTOk0tg0H49Qt

Score

10^/10

revengerat nyancatrevenge execution trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.231.150.177:5222

Mutex

282ac7d305

Targets

- Target
  
  6a73361430e34020149356188f953f8910380c14f7c27c32a29892d049c7db22.js
- Size
  
  119KB
- MD5
  
  5f05f5c7e4e19da45e124065d6f5fd1e
- SHA1
  
  12be89e5beb8ad794235f16bf29dc36a56d012af
- SHA256
  
  6a73361430e34020149356188f953f8910380c14f7c27c32a29892d049c7db22
- SHA512
  
  2776bd209d50a93a17077c958f31378c1972b054e6aa42a398fc1a9a1f5c69bd8b79d04fd46a07b1b65996c2b6bf6c3032c95e09009655532e62e6540403d5a6
- SSDEEP
  
  1536:0+fUYZPT8sYJHkWF5qBKoy1XtczvzYFNW+Nn:nfLasWHtuY1XtcbsFNW+Nn
Score

10^/10

revengerat nyancatrevenge execution trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengeexecutiontrojan

behavioral2

revengeratnyancatrevengeexecutiontrojan