File name: | Revenge-RAT v3 - NYANxCAT.zip |
Full analysis: | https://app.any.run/tasks/3e364dd6-cec3-4276-b076-f44b61b62989 |
Verdict: | Malicious activity |
Analysis date: | November 30, 2020, 00:01:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | E53EBB31D498A1B75E7E12F4670B84F4 |
SHA1: | F1A2C57396674662540C7A6D825322D99251101E |
SHA256: | DBC0A745C62C9AEF393F732F718149FC5ABAFFE30DDB1D55D978A8BF17E9AE01 |
SSDEEP: | 393216:853OkzJUuTFL5k62f6Q8NSXwDomaVXMhDxUy0o:8dd7Lqn6ogDo78fn |
.zip | ZIP compressed archive (100) |
ZipFileName: | Revenge-RAT v3 - NYANxCAT/ |
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2020:03:02 14:31:10 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2884 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Revenge-RAT v3 - NYANxCAT.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2108 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Revenge-RAT v0.3.exe | — | WinRAR.exe |
User: admin Company: Revenge-RAT v0.3 Integrity Level: MEDIUM Description: Revenge-RAT v0.3 Version: 0.0.0.3 | ||||
2224 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Builder.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Builder.exe | — | Revenge-RAT v0.3.exe |
User: admin Integrity Level: MEDIUM Description: Builder Version: 1.0.0.0 | ||||
1672 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Builder.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Builder.exe | — | Revenge-RAT v0.3.exe |
User: admin Integrity Level: MEDIUM Description: Builder Version: 1.0.0.0 | ||||
1676 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\uxsaixhy.cmdline" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe | | Builder.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Visual C# Command Line Compiler Exit code: 0 Version: 8.0.50727.4927 (NetFXspW7.050727-4900) | ||||
776 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESB019.tmp" "c:\Users\admin\Documents\CSCB018.tmp" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | — | csc.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft® Resource File To COFF Object Conversion Utility Exit code: 0 Version: 8.00.50727.4940 (Win7SP1.050727-5400) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Old3.ico | image | |
MD5:0F0E13405457EA08934106DF42692329 | SHA256:5FF7C00A84867D28DB78F861836A6BD0247D34A2F6097DE4EFA198D7ABEB1EAC | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v10_48x48_256.ico | image | |
MD5:88624B8E01AC8036B6F1971B497DBB7E | SHA256:BADC42DA4C0E29AF7F6C0C58711D9DB7B3D7D4760C18CB521F4113D8CDBC2F3D | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Autoit.au3 | text | |
MD5:76592CDB5646CE753B0A032A219CEA41 | SHA256:3B0A9192AE1945357E3E2A05E20C75663BB1788554F50BD5EE7E8B93C5AD1F66 | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Aut2exe.exe | executable | |
MD5:D28806A3244AF288A2E569E36DF136C4 | SHA256:89AFE97DD27C3CADB96481DD38A1352BF6B98FA0206DD2D856728A47DC06F3BA | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Builder.exe | executable | |
MD5:BE03C752691189795254CEBAB618C21D | SHA256:313A9D09F096B4EB2EFE37E3C0B51268F601C0C9D1CA3508F46769EC89E0594B | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Old1.ico | image | |
MD5:30270204AF026B5874476EC41ABE3ACD | SHA256:29D40D3CB78D5FA6FAFEABDDB01296D5FEAF8E7864210F5581F1BAD50C613B32 | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\AHK\AHK.ahk | text | |
MD5:A908B151CC37C66AEAFF20D43BA0CAE0 | SHA256:B032B99C88289C02388BD1DB21A3CFC34AC9AB36BC48BE5D6570AC6497F70E56 | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Old4.ico | image | |
MD5:CC38AAF8B57E428ABFE0BE7309E7735B | SHA256:23672A6B6AC69E0E5F836E52144B44667298A47F08E641D9F227D3BB6AFBECC6 | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\SETUP06.ICO | image | |
MD5:A688105D2E3DF9769A0B8830A7510D45 | SHA256:217766AE48FDFAAB3B6C6A59003BD95D92EFFBE0F8D1B58C2BBE2A2FB85D8610 | |||
2884 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2884.34077\Revenge-RAT v3 - NYANxCAT\Extensions\Aut2Exe\Icons\AutoIt_Main_v9_48x48_256.ico | image | |
MD5:A87C314DD8B1FDE98FCA6E504F5FF8A0 | SHA256:C43AD7216D3F7553AE87A03F23D3BE0D6F9C5212E5DCE3D38B8E8A433A549DCA |