revengerat | 2e07606a2d33855138f2430c5aab7e1894e0e75efd2ab1b39ac76256614ca462 | Triage

Submit
Reports

Overview

overview

Static

static

1

Boleto2002...r.ppam

windows7-x64

Boleto2002...r.ppam

windows10-2004-x64

Sharing

General

Target

Boleto2002301988master.ppam
Size

13KB
Sample

230507-g7flwsag4x
MD5

c323058745acd4feab0c15282709a04e
SHA1

8e5a988968000ecfa816352c52bd66490bc2b31a
SHA256

2e07606a2d33855138f2430c5aab7e1894e0e75efd2ab1b39ac76256614ca462
SHA512

fa719dcc24dca693779406ab5eca4f7f4a0bfb736cb91b0868105213c91e0733600a33b49b6fdf4a7bfbaed84ae4407127181b86f6ede9e6f69bcefcd60400c9
SSDEEP

384:dXPzPWrxbb3wiyhJ4eSTbhkIYGgAjLHU+zerK9p:VPObL7yz8hkIp5Vyw

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

Boleto2002301988master.ppam

Resource

win7-20230220-en

revengerat nyancatrevenge trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Boleto2002301988master.ppam

Resource

win10v2004-20230220-en

revengerat nyancatrevenge trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

b2b.ddns.com.br:5222

Mutex

d9261ef3301b4b86a95

Targets

- Target
  
  Boleto2002301988master.ppam
- Size
  
  13KB
- MD5
  
  c323058745acd4feab0c15282709a04e
- SHA1
  
  8e5a988968000ecfa816352c52bd66490bc2b31a
- SHA256
  
  2e07606a2d33855138f2430c5aab7e1894e0e75efd2ab1b39ac76256614ca462
- SHA512
  
  fa719dcc24dca693779406ab5eca4f7f4a0bfb736cb91b0868105213c91e0733600a33b49b6fdf4a7bfbaed84ae4407127181b86f6ede9e6f69bcefcd60400c9
- SSDEEP
  
  384:dXPzPWrxbb3wiyhJ4eSTbhkIYGgAjLHU+zerK9p:VPObL7yz8hkIp5Vyw
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy