General

  • Target

    OmnibeesReservas2020006483.ppa

  • Size

    85KB

  • Sample

    230507-k568lsfc4s

  • MD5

    f73d28374566888ca72af46736a044c7

  • SHA1

    a4186cef906d11a1af9c064b742449c1ea0dccd5

  • SHA256

    924b64652f124bbf235affcb91f62ddd799456c8b7438842c322db64d1a3e4a4

  • SHA512

    c7460d9b69519c206bb553a37f263c178bcfd5b3c1902cd400433248f2e7b01f776c92f8eb6cafd1f11818cd097c22960744d205de73c6649e71f468ef1afc52

  • SSDEEP

    768:b2HgyYZ88pJ9lYsI4XrNK7LSdvsqQvb36aTZQSCmYDxB:bXyYZ88RlYsI4XrNKCdvgvb37VQnrx

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

63165e63d56748c

Targets

    • Target

      OmnibeesReservas2020006483.ppa

    • Size

      85KB

    • MD5

      f73d28374566888ca72af46736a044c7

    • SHA1

      a4186cef906d11a1af9c064b742449c1ea0dccd5

    • SHA256

      924b64652f124bbf235affcb91f62ddd799456c8b7438842c322db64d1a3e4a4

    • SHA512

      c7460d9b69519c206bb553a37f263c178bcfd5b3c1902cd400433248f2e7b01f776c92f8eb6cafd1f11818cd097c22960744d205de73c6649e71f468ef1afc52

    • SSDEEP

      768:b2HgyYZ88pJ9lYsI4XrNK7LSdvsqQvb36aTZQSCmYDxB:bXyYZ88RlYsI4XrNKCdvgvb37VQnrx

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks