General

  • Target

    0c3e47c0fb0d5a289fded25fd9746817.bin

  • Size

    22KB

  • Sample

    241221-bc7t1aykct

  • MD5

    86e0ee1b4e119a22807e04f8b2b6ea3b

  • SHA1

    cb0083807ccc369daf4f6516d0d32867db462499

  • SHA256

    f21fa6493bade5a7806a28f33ba7d920fa43edd81628003ea95253983d590cb2

  • SHA512

    9246e26036affa23de44920cc4c7049b6e48ea83cfe3f338237df95251e59db932d3fa7933b493d74591579b1962a35151bc61dffe718d9d8daebfe96cbb78c2

  • SSDEEP

    384:02AXZJ8nkfv2YHOpNqA3i7js1h9fe2lVIjjtV1h4g8UPkR5L3R2f06N:wZJ8or2Eei7A7ojb4gXPQZp6N

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

38.51.135.44:333

Mutex

9822cb7521c94057

Targets

    • Target

      2e166d7183aca77bc9ebaa54d8048374aa780ece1ffc159ecf57ec75f96a8e4d.js

    • Size

      116KB

    • MD5

      0c3e47c0fb0d5a289fded25fd9746817

    • SHA1

      2117b82b1724a2f146ffd015b50ce45c63d7fb87

    • SHA256

      2e166d7183aca77bc9ebaa54d8048374aa780ece1ffc159ecf57ec75f96a8e4d

    • SHA512

      bf8b2895fa9cf32c651d67ff68c3156dfd2f32e4fc9308ec5a190eaf942816feae1357086b150442c4359619356cf6cf3bd4e9bcf8d866b52c51b0c3978133ad

    • SSDEEP

      1536:D12+GPp0PG/6Rn/T5d1XtQpm7GOzYCtFA:p2+GB0PG/sn/T5dt+IdG

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRAT family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.
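The signatures above are what a sandbox observed; the following is an added example (not part of the sandbox report or of any RevengeRAT tooling) of how an analyst would carry them, together with the extracted C2 and mutex, into host telemetry. It runs a small detector over constructed Sysmon-style events that mimic the usual chain for a .js loader (wscript.exe spawns a hidden powershell.exe, which reads the configured country, contacts the C2 and creates the RAT mutex). The event records, the registry key it checks (the standard Windows GeoID location, which the report does not name) and the set of blocklisted processes are assumptions, not facts from the report.

```python
"""Map the report's behavioural signatures and IOCs onto host telemetry.

Added example; not part of the sandbox report. The events below are
constructed to resemble a JScript-loader chain and are not telemetry from the
analysed sample.
"""
import shlex
from collections import defaultdict

# Indicators copied from the report's extracted config.
C2 = ("38.51.135.44", 333)
MUTEX = "9822cb7521c94057"

# Assumption: the report does not name the registry value that was read. The
# standard location for the configured country (GeoID) on Windows is this one.
GEO_KEYS = {r"hkcu\control panel\international\geo\nation"}

# Assumption: the report does not list which processes it blocklists for
# network activity; script hosts are the usual candidates for a .js sample.
BLOCKLISTED_IMAGES = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def hides_window(cmdline):
    """True if a powershell.exe command line asks for a hidden window.

    powershell.exe accepts any unambiguous prefix of -WindowStyle (-w, -wi,
    -win, ...), so matching the literal "-WindowStyle Hidden" misses most
    loaders. Tokenise instead and compare the flag as a prefix.
    """
    try:
        tokens = shlex.split(cmdline, posix=False)  # keep backslashes intact
    except ValueError:
        tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        flag = tok.lower()
        if len(flag) >= 2 and flag[0] == "-" and "windowstyle".startswith(flag[1:]):
            if tokens[i + 1].lower() == "hidden":
                return True
    return False


def detect(events):
    """Return {signature name: sorted pids} for the report's signatures and IOCs."""
    hits = defaultdict(set)
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        image = basename(ev.get("image", ""))
        if kind == "ProcessCreate":
            if image == "powershell.exe" and hides_window(ev["cmdline"]):
                hits["Command and Scripting Interpreter: PowerShell"].add(pid)
        elif kind == "RegistryQuery":
            if ev["key"].lower() in GEO_KEYS:
                hits["Checks computer location settings"].add(pid)
        elif kind == "NetworkConnect":
            if image in BLOCKLISTED_IMAGES:
                hits["Blocklisted process makes network request"].add(pid)
            if (ev["dest_ip"], ev["dest_port"]) == C2:
                hits["RevengeRAT C2 38.51.135.44:333"].add(pid)
        elif kind == "CreateMutant" and ev["name"] == MUTEX:
            hits["RevengeRAT mutex 9822cb7521c94057"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


def suspicious_pids(events, min_signatures=2):
    """Pids that trip at least min_signatures distinct signatures; cuts noise
    from a lone hidden-window PowerShell or a lone registry read."""
    per_pid = defaultdict(set)
    for name, pids in detect(events).items():
        for pid in pids:
            per_pid[pid].add(name)
    return sorted(pid for pid, names in per_pid.items() if len(names) >= min_signatures)


# Constructed events (not real telemetry): pid 4188 is the malicious chain,
# pids 5012 and 1044 are benign noise.
CONSTRUCTED_EVENTS = [
    {"type": "ProcessCreate", "pid": 4120, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'wscript.exe "C:\Users\victim\Downloads\invoice.js"'},
    {"type": "ProcessCreate", "pid": 4188,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"powershell.exe -NoP -W hidden -Ep Bypass -File C:\Users\victim\AppData\Local\Temp\stage2.ps1"},
    {"type": "RegistryQuery", "pid": 4188, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "NetworkConnect", "pid": 4188,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_ip": "38.51.135.44", "dest_port": 333},
    {"type": "CreateMutant", "pid": 4188, "name": "9822cb7521c94057"},
    {"type": "ProcessCreate", "pid": 5012,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Normal"},
    {"type": "NetworkConnect", "pid": 1044, "image": r"C:\Windows\System32\svchost.exe",
     "dest_ip": "13.107.4.50", "dest_port": 443},
]

if __name__ == "__main__":
    for name, pids in detect(CONSTRUCTED_EVENTS).items():
        print(f"{name}: pids {pids}")
    print("suspicious:", suspicious_pids(CONSTRUCTED_EVENTS))
```

The C2 and mutex are sample-specific and will rot quickly; the three behavioural checks are what survive a rebuild of the loader, and requiring two or more of them on the same pid keeps an administrator's visible PowerShell session out of the alert.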

MITRE ATT&CK Enterprise v15

Tasks