General
-
Target
comprovantedepagamento.js
-
Size
116KB
-
Sample
241219-s6wr9svlcx
-
MD5
0c3e47c0fb0d5a289fded25fd9746817
-
SHA1
2117b82b1724a2f146ffd015b50ce45c63d7fb87
-
SHA256
2e166d7183aca77bc9ebaa54d8048374aa780ece1ffc159ecf57ec75f96a8e4d
-
SHA512
bf8b2895fa9cf32c651d67ff68c3156dfd2f32e4fc9308ec5a190eaf942816feae1357086b150442c4359619356cf6cf3bd4e9bcf8d866b52c51b0c3978133ad
-
SSDEEP
1536:D12+GPp0PG/6Rn/T5d1XtQpm7GOzYCtFA:p2+GB0PG/sn/T5dt+IdG
Malware Config
Extracted
revengerat
NyanCatRevenge
38.51.135.44:333
9822cb7521c94057
Targets
-
-
Target
comprovantedepagamento.js
-
Size
116KB
-
MD5
0c3e47c0fb0d5a289fded25fd9746817
-
SHA1
2117b82b1724a2f146ffd015b50ce45c63d7fb87
-
SHA256
2e166d7183aca77bc9ebaa54d8048374aa780ece1ffc159ecf57ec75f96a8e4d
-
SHA512
bf8b2895fa9cf32c651d67ff68c3156dfd2f32e4fc9308ec5a190eaf942816feae1357086b150442c4359619356cf6cf3bd4e9bcf8d866b52c51b0c3978133ad
-
SSDEEP
1536:D12+GPp0PG/6Rn/T5d1XtQpm7GOzYCtFA:p2+GB0PG/sn/T5dt+IdG
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Revengerat family
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-