revengerat | 213857b03db27acb0cb52357799ba8f3ce4adb843e66ddc35bf8949d10ebd61a | Triage

Sharing

General

Target

1Documentos de reserva.js
Size

60KB
Sample

241015-sra71s1gmc
MD5

14e68a45361bb287393747ce2b271838
SHA1

16144ac8dc7ecc27e4667a3241da8810f8b84778
SHA256

213857b03db27acb0cb52357799ba8f3ce4adb843e66ddc35bf8949d10ebd61a
SHA512

1a865076c36fa8bf69eba5aca97298be88b093f50af16b63ac878a6482f928c418e547296d00075e1a27c85580af337e8f41781180eee50755754d8915dbe8fb
SSDEEP

768:tvRmozOfNAG9lUAy1NgRXbkDvAAdkqC9m3ppOJlPcLNdpgF3hFAto:94oifpTq1NxAAiqC9mZpk8NdpW3hF2o

Score

10^/10

revengerat nyancatrevenge execution persistence trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

54.146.241.16:5222

Mutex

f9796de67e

Targets

- Target
  
  1Documentos de reserva.js
- Size
  
  60KB
- MD5
  
  14e68a45361bb287393747ce2b271838
- SHA1
  
  16144ac8dc7ecc27e4667a3241da8810f8b84778
- SHA256
  
  213857b03db27acb0cb52357799ba8f3ce4adb843e66ddc35bf8949d10ebd61a
- SHA512
  
  1a865076c36fa8bf69eba5aca97298be88b093f50af16b63ac878a6482f928c418e547296d00075e1a27c85580af337e8f41781180eee50755754d8915dbe8fb
- SSDEEP
  
  768:tvRmozOfNAG9lUAy1NgRXbkDvAAdkqC9m3ppOJlPcLNdpgF3hFAto:94oifpTq1NxAAiqC9mZpk8NdpW3hF2o
Score

10^/10

revengerat nyancatrevenge execution persistence trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengeexecutionpersistencetrojan

behavioral2

revengeratnyancatrevengeexecutionpersistencetrojan