revengerat | d213e4762cbc78007d9f45a852ea498265a8bd0c242c93b23e624f302e059ddd | Triage

Sharing

General

Target

213124dadoscancelarareserva.js
Size

60KB
Sample

241015-ylpq4steme
MD5

5508be73f4288131312fe9dcbe64322c
SHA1

f579ae533109afddd4d9e528c7c393035cd80e7a
SHA256

d213e4762cbc78007d9f45a852ea498265a8bd0c242c93b23e624f302e059ddd
SHA512

0f22d6e8378164326cf1634061281e765b29e3b0bef2eb2f1c3fd30d84a1554233c8b1eb930b6df431e982c0ce46b22f451b491892bc2b1c0a1ae60a66e2356f
SSDEEP

768:qze48RhtXFS/81q/y1wGU8a1aIIEHU8aIIFTTV+i2jsm888esI8X88888gKV7+lA:qC48xhtaGcdIh8aIIxgFv

Score

10^/10

revengerat nyancatrevenge execution persistence trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

54.146.241.16:5222

Mutex

f9796de67e

Targets

- Target
  
  213124dadoscancelarareserva.js
- Size
  
  60KB
- MD5
  
  5508be73f4288131312fe9dcbe64322c
- SHA1
  
  f579ae533109afddd4d9e528c7c393035cd80e7a
- SHA256
  
  d213e4762cbc78007d9f45a852ea498265a8bd0c242c93b23e624f302e059ddd
- SHA512
  
  0f22d6e8378164326cf1634061281e765b29e3b0bef2eb2f1c3fd30d84a1554233c8b1eb930b6df431e982c0ce46b22f451b491892bc2b1c0a1ae60a66e2356f
- SSDEEP
  
  768:qze48RhtXFS/81q/y1wGU8a1aIIEHU8aIIFTTV+i2jsm888esI8X88888gKV7+lA:qC48xhtaGcdIh8aIIxgFv
Score

10^/10

revengerat nyancatrevenge execution persistence trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengeexecutionpersistencetrojan

behavioral2

revengeratnyancatrevengeexecutionpersistencetrojan