General
Target: b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb
Size: 166KB
Sample: 201110-hjl78mwj2a
MD5: 30168bc8ecd55affc43b224091c6945f
SHA1: e5cdc65b57a027d7123307ecaf12031bb789aed7
SHA256: b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb
SHA512: 60650f2779128ef54d648dbf8e83b5ed079aef99f23df5a29ec50e3672793e8a103214f03af4d74e132aa35cc099aab5eaa4f8e0a76f0878f591470f7bafb138
Static task: static1
Behavioral task: behavioral1
  Sample: b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb.exe
  Resource: win10v20201028
Malware Config
Extracted
Family: revengerat
Botnet: NyanCatRevenge
C2: hpdndbnb.duckdns.org:2404
Mutex: 90a49aa7c27647e
Targets
Target: b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (166KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Turns off Windows Defender SpyNet reporting
- Drops startup file
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
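The host-side signatures above (Winlogon modification, SpyNet reporting turned off, Run key, Startup-folder drop) and the dynamic-DNS C2 from the extracted config can be re-checked on an endpoint or in a SIEM from registry and file-creation telemetry. The script below is an added example, not code from this report or from the sandbox vendor: it evaluates a constructed set of Sysmon-style events (Event ID 13 = registry value set, Event ID 11 = file created; the Event shape, the sample paths and the dynamic-DNS suffix list beyond duckdns.org are assumptions) against those signatures. The two API-level signatures (NtSetInformationThreadHideFromDebugger, SetThreadContext) require an API trace rather than host logs and are not covered.

```python
"""Host-side hunt for the behavioural indicators listed in this report.

Added example; not code from the report or from any sandbox tooling.
Event shape, sample paths and the dynamic-DNS list are assumptions.
"""
import re
from dataclasses import dataclass

# Default Winlogon values; anything else in these values is the
# "Modifies WinLogon for persistence" case.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}
SPYNET_KEY = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet"
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Dynamic-DNS suffixes treated as "legitimate hosting service abused";
# entries beyond duckdns.org (the one in the config) are an assumption.
DYNAMIC_DNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org")


@dataclass
class Event:
    event_id: int
    target: str        # registry path incl. value name (13) or file path (11)
    details: str = ""  # registry data as Sysmon renders it, e.g. "DWORD (0x00000000)"


def _dword(details):
    """Parse Sysmon's 'DWORD (0x...)' rendering; None if not a DWORD."""
    m = re.fullmatch(r"DWORD \((0x[0-9a-fA-F]+)\)", details.strip())
    return int(m.group(1), 16) if m else None


def classify(ev):
    """Return the report signature an event matches, or None."""
    if ev.event_id == 13:
        key, _, value_name = ev.target.rpartition("\\")
        if key.lower() == WINLOGON_KEY.lower() and value_name in WINLOGON_DEFAULTS:
            if ev.details.strip().lower() != WINLOGON_DEFAULTS[value_name].lower():
                return "Modifies WinLogon for persistence"
        if key.lower() == SPYNET_KEY.lower():
            # SpyNetReporting=0 disables MAPS; SubmitSamplesConsent=2 never sends samples
            if (value_name == "SpyNetReporting" and _dword(ev.details) == 0) or \
               (value_name == "SubmitSamplesConsent" and _dword(ev.details) == 2):
                return "Turns off Windows Defender SpyNet reporting"
        if RUN_KEY_RE.search(ev.target):
            return "Adds Run key to start application"
    elif ev.event_id == 11 and STARTUP_DIR_RE.search(ev.target):
        return "Drops startup file"
    return None


def is_dynamic_dns_c2(c2):
    """True when the host part of 'host:port' sits under a dynamic-DNS suffix."""
    host = c2.rsplit(":", 1)[0].lower().strip("[]")
    return any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES)


def hunt(events):
    """Map each matched signature to the targets that triggered it."""
    hits = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.setdefault(sig, []).append(ev.target)
    return hits


# Constructed sample events; paths and file names are illustrative, not from the report.
SAMPLE_EVENTS = [
    Event(13, WINLOGON_KEY + r"\Userinit",
          r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\payload.exe"),
    Event(13, SPYNET_KEY + r"\SpyNetReporting", "DWORD (0x00000000)"),
    Event(13, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\payload",
          r"C:\Users\victim\AppData\Roaming\payload.exe"),
    Event(11, r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\payload.lnk"),
    Event(13, WINLOGON_KEY + r"\Shell", "explorer.exe"),   # default value: benign
    Event(11, r"C:\Users\victim\Documents\notes.txt"),     # unrelated file: benign
]

if __name__ == "__main__":
    for sig, targets in hunt(SAMPLE_EVENTS).items():
        print(f"{sig}: {targets}")
    print("dynamic-DNS C2:", is_dynamic_dns_c2("hpdndbnb.duckdns.org:2404"))
```

Run against the constructed events, the four host-side signatures fire once each while the default Winlogon Shell value and the unrelated file stay silent; the C2 check flags hpdndbnb.duckdns.org:2404 because the host sits under duckdns.org. When feeding real Sysmon data, compare the Winlogon values against the defaults of the specific Windows build rather than the two strings hard-coded here.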