revengerat | f666ce7cd0fcb4bf2718c9fb6edcbd825bedae8fd57374931c82a7866975f37d | Triage

Sharing

General

Target

stage2.ps1
Size

924KB
Sample

241211-mheaestjdq
MD5

86668391bf87240f9b512f7f56e2f4ec
SHA1

b67f1b89d2b5fe4d3121052ad1208211214aa293
SHA256

f666ce7cd0fcb4bf2718c9fb6edcbd825bedae8fd57374931c82a7866975f37d
SHA512

bbcc518162acfd8dd1155d5c19f89674509b954cfe52b1847e40bfe35a1c7f0d6cd0ac53040839c4ceccfd7283b301b5801ce26cb2cf1d51e4e000b181216ce4
SSDEEP

6144:Da3hajoDS2VvhVHzHc4abdm6NNNmy7aBo428Ok8Z3ka:DaEjo22VpJb1abdm6NNNmy7v428E

Score

10^/10

revengerat nyancatrevenge discovery execution persistence trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

102.165.46.145:333

Mutex

pHXJvbCGPPiC

Targets

- Target
  
  stage2.ps1
- Size
  
  924KB
- MD5
  
  86668391bf87240f9b512f7f56e2f4ec
- SHA1
  
  b67f1b89d2b5fe4d3121052ad1208211214aa293
- SHA256
  
  f666ce7cd0fcb4bf2718c9fb6edcbd825bedae8fd57374931c82a7866975f37d
- SHA512
  
  bbcc518162acfd8dd1155d5c19f89674509b954cfe52b1847e40bfe35a1c7f0d6cd0ac53040839c4ceccfd7283b301b5801ce26cb2cf1d51e4e000b181216ce4
- SSDEEP
  
  6144:Da3hajoDS2VvhVHzHc4abdm6NNNmy7aBo428Ok8Z3ka:DaEjo22VpJb1abdm6NNNmy7v428E
Score

10^/10

execution persistence revengerat nyancatrevenge discovery trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Blocklisted process makes network request
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

revengeratnyancatrevengediscoveryexecutionpersistencetrojan