General

  • Target

    94137cbe1455e824d25c59e3c5a0daf2b9274b055cf6e20800efa7713d10c1ac.ps1

  • Size

    801KB

  • Sample

    230507-e92wssge28

  • MD5

    7660ddcbb1eeb5db743604a0487f144c

  • SHA1

    2a8ddaa0c0da3fb447ea70abedd27f5c7709bb77

  • SHA256

    94137cbe1455e824d25c59e3c5a0daf2b9274b055cf6e20800efa7713d10c1ac

  • SHA512

    6ed5131ef7cc08eabead72bcc983d59b41032db698db8ae421a8c0abc8e180550f4ce5ef156d6d64606cdb3bd375408c68a8dc37cb5206c42785a80abd7f4ff6

  • SSDEEP

    12288:OZmTk3LmZmTk3Lv2RDsUU1Vq2RDsUU1VW2RDsUU1V2:OZmTAKZmTAr25gq25gW25g2

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    NyanCatRevenge

  • C2

    b2b.ddns.com.br:5222

    The host is a dynamic-DNS name and 5222 is the registered XMPP client port, so neither the port alone nor a single resolved address is a reliable indicator on its own; pivot on the hostname and on whatever it resolves to at the time of the connection.

  • Mutex

    d9261ef3301b4b86a95
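The extracted configuration and the hashes listed under General are the indicators a responder would hunt for. The following Python is an added example and is not part of the sandbox report or of any tool it describes: it matches those indicators against host telemetry. The indicator values are copied from the report; the key=value log format, the workstation names and the IP addresses in the sample lines are constructed for the example.

```python
"""Match the indicators from the report above against host telemetry.

Added example; not part of the sandbox report. Indicator values are copied
from the report, the telemetry lines and their format are constructed.
"""
import hashlib
from dataclasses import dataclass

# Indicators copied from the report.
IOC_C2_HOST = "b2b.ddns.com.br"
IOC_C2_PORT = 5222
IOC_MUTEX = "d9261ef3301b4b86a95"
IOC_HASHES = {
    "md5": "7660ddcbb1eeb5db743604a0487f144c",
    "sha1": "2a8ddaa0c0da3fb447ea70abedd27f5c7709bb77",
    "sha256": "94137cbe1455e824d25c59e3c5a0daf2b9274b055cf6e20800efa7713d10c1ac",
}

# Constructed telemetry in an assumed key=value format. Hostnames and IPs
# (documentation ranges) are invented for the example.
SAMPLE_LOGS = r"""
ts=1683450001 type=dns host=WS-017 query=B2B.DDNS.COM.BR answer=203.0.113.10
ts=1683450002 type=netconn host=WS-017 proc=powershell.exe dst=203.0.113.10 dport=5222
ts=1683450003 type=mutex host=WS-017 proc=powershell.exe name=d9261ef3301b4b86a95
ts=1683450004 type=dns host=WS-022 query=update.example.com answer=198.51.100.7
ts=1683450005 type=netconn host=WS-022 proc=chrome.exe dst=198.51.100.7 dport=443
ts=1683450006 type=netconn host=WS-022 proc=chrome.exe dst=198.51.100.7 dport=5222
ts=1683450007 type=file host=WS-031 path=C:\Users\u\Downloads\x.ps1 sha256=94137cbe1455e824d25c59e3c5a0daf2b9274b055cf6e20800efa7713d10c1ac
"""


@dataclass(frozen=True)
class Hit:
    ts: int
    host: str
    indicator: str  # which indicator matched
    line: str       # the raw telemetry line


def parse_line(line):
    """Split 'k=v k=v ...' into a dict; values carry no spaces in this format."""
    return dict(kv.split("=", 1) for kv in line.split() if "=" in kv)


def match_iocs(log_text, known_c2_ips=()):
    """Return a Hit for every telemetry line that touches an indicator.

    Addresses returned for the C2 hostname are remembered, so a later
    connection to that address on the C2 port is also a hit. A connection
    to port 5222 at an address the C2 name never resolved to is not a hit,
    because 5222 is also ordinary XMPP traffic.
    """
    c2_ips = set(known_c2_ips)
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        kind = ev.get("type")
        if not kind:
            continue
        indicator = None
        if kind == "dns" and ev.get("query", "").lower() == IOC_C2_HOST:
            c2_ips.add(ev.get("answer"))
            indicator = "c2_domain"
        elif (kind == "netconn" and ev.get("dport") == str(IOC_C2_PORT)
              and ev.get("dst") in c2_ips):
            indicator = "c2_connection"
        elif kind == "mutex" and ev.get("name") == IOC_MUTEX:
            indicator = "mutex"
        elif kind == "file" and any(ev.get(alg, "").lower() == digest
                                    for alg, digest in IOC_HASHES.items()):
            indicator = "file_hash"
        if indicator:
            hits.append(Hit(int(ev["ts"]), ev.get("host", "?"), indicator, line))
    return hits


def hash_bytes(data):
    """Digests of file contents in the three forms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matches_sample(data):
    """True if the digests of ``data`` equal the report's hashes."""
    return hash_bytes(data) == IOC_HASHES


if __name__ == "__main__":
    for h in match_iocs(SAMPLE_LOGS):
        print(f"{h.ts} {h.host:<7} {h.indicator:<14} {h.line}")
```

Run as-is to print the four hits from the constructed telemetry: the DNS lookup, the connection to the resolved address on 5222, the mutex and the file hash. The connection from WS-022 to an unrelated address on 5222 is deliberately ignored; if you already know addresses the dynamic-DNS name has pointed at, pass them in `known_c2_ips` so connections that predate any logged lookup are caught too.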

Targets

    • Target

      94137cbe1455e824d25c59e3c5a0daf2b9274b055cf6e20800efa7713d10c1ac.ps1

    • Size

      801KB

    • MD5

      7660ddcbb1eeb5db743604a0487f144c

    • SHA1

      2a8ddaa0c0da3fb447ea70abedd27f5c7709bb77

    • SHA256

      94137cbe1455e824d25c59e3c5a0daf2b9274b055cf6e20800efa7713d10c1ac

    • SHA512

      6ed5131ef7cc08eabead72bcc983d59b41032db698db8ae421a8c0abc8e180550f4ce5ef156d6d64606cdb3bd375408c68a8dc37cb5206c42785a80abd7f4ff6

    • SSDEEP

      12288:OZmTk3LmZmTk3Lv2RDsUU1Vq2RDsUU1VW2RDsUU1V2:OZmTAKZmTAr25gq25gW25g2

    Signatures

    • Detects Redline Stealer samples

      This rule detects the presence of RedLine Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread, normally a suspended one; outside debuggers this is most often seen when injected code is pointed at, as in process hollowing.

    The report carries both RedLine string matches and an extracted RevengeRAT configuration for this one PowerShell script, and does not say whether the script stages more than one payload; treat both families as candidates until the dropped binaries have been examined.
