General
- Target: Plugin81139.js
- Size: 389KB
- Sample: 241211-ltr5zssjfn
- MD5: a0c2859596c5ce9790594ba975cb0eac
- SHA1: 3fcb95f0177d3ec86496f2388fb78b0b2d28820b
- SHA256: 65c941cb336cf645d782e99b761fb37740a615948c6c2c83a3bcba882a2c97a4
- SHA512: 738072f15990c51584c71962043e3bea38dd3b758170815f5daddfceb8622f2eff13e9c8ec1dfcc4f9c150eb8065aa9a4ac38b80e712f037ad5c325de96cfb9e
- SSDEEP: 1536:UfffKffafffKffafffKffafffKffafffKffafffKfffffffffffffffffffffffz:XHuCM4
Static task: static1
Behavioral task: behavioral1
- Sample: Plugin81139.js
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Plugin81139.js
- Resource: win10v2004-20241007-en
Malware Config
Extracted:
- https://res.cloudinary.com/dxtifaxks/raw/upload/v1733864899/novojeitoasync_zhpjwy.txt
Extracted:
- Family: revengerat
- NyanCatRevenge
- 102.165.46.145:333
- pHXJvbCGPPiC
Targets
- Revengerat family
- Blocklisted process makes network request
- .NET Reactor protector: detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext