revengerat | 924b64652f124bbf235affcb91f62ddd799456c8b7438842c322db64d1a3e4a4 | Triage

Submit
Reports

Overview

overview

Static

static

8

OmnibeesRe...83.pps

windows7-x64

OmnibeesRe...83.pps

windows10-2004-x64

Sharing

General

Target

OmnibeesReservas2020006483.ppa
Size

85KB
Sample

230507-k568lsfc4s
MD5

f73d28374566888ca72af46736a044c7
SHA1

a4186cef906d11a1af9c064b742449c1ea0dccd5
SHA256

924b64652f124bbf235affcb91f62ddd799456c8b7438842c322db64d1a3e4a4
SHA512

c7460d9b69519c206bb553a37f263c178bcfd5b3c1902cd400433248f2e7b01f776c92f8eb6cafd1f11818cd097c22960744d205de73c6649e71f468ef1afc52
SSDEEP

768:b2HgyYZ88pJ9lYsI4XrNK7LSdvsqQvb36aTZQSCmYDxB:bXyYZ88RlYsI4XrNKCdvgvb37VQnrx

Score

10^/10

revengerat nyancatrevenge macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

OmnibeesReservas2020006483.pps

Resource

win7-20230220-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

OmnibeesReservas2020006483.pps

Resource

win10v2004-20230220-en

revengerat nyancatrevenge trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

63165e63d56748c

Targets

- Target
  
  OmnibeesReservas2020006483.ppa
- Size
  
  85KB
- MD5
  
  f73d28374566888ca72af46736a044c7
- SHA1
  
  a4186cef906d11a1af9c064b742449c1ea0dccd5
- SHA256
  
  924b64652f124bbf235affcb91f62ddd799456c8b7438842c322db64d1a3e4a4
- SHA512
  
  c7460d9b69519c206bb553a37f263c178bcfd5b3c1902cd400433248f2e7b01f776c92f8eb6cafd1f11818cd097c22960744d205de73c6649e71f468ef1afc52
- SSDEEP
  
  768:b2HgyYZ88pJ9lYsI4XrNK7LSdvsqQvb36aTZQSCmYDxB:bXyYZ88RlYsI4XrNKCdvgvb37VQnrx
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy