revengerat | aebe55c79817edcc4acff994e9dcb9230487092073bec48ea87448b90db1f888 | Triage

Submit
Reports

Overview

overview

Static

static

1

Documentao.ppam

windows7-x64

Documentao.ppam

windows10-2004-x64

Sharing

General

Target

Documentao.ppam
Size

17KB
Sample

230507-k816rsff3z
MD5

4f1c17e2da8035b8fd827f0fc93a1a40
SHA1

a47bf8b3d28d36279cb8a5a22f8c9a35206327a6
SHA256

aebe55c79817edcc4acff994e9dcb9230487092073bec48ea87448b90db1f888
SHA512

f80fb5e5f30191abd95bfec14637f2c7a47d8d1293cad3a9be20acafdd41aa5e833d17db8c65093a0c8b7d24b14e18a1d8092ef8acba5c4cd6a7dd6a620dc9b5
SSDEEP

384:dXPW8kJL8XaHgQOeE2kq9KkqkPGv9tMp4V9zNNxChJd:VPFaAn2kqnRctMgbNxChJd

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

Documentao.ppam

Resource

win7-20230220-en

revengerat nyancatrevenge trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Documentao.ppam

Resource

win10v2004-20230220-en

revengerat nyancatrevenge trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

30c2ac3031a0

Targets

- Target
  
  Documentao.ppam
- Size
  
  17KB
- MD5
  
  4f1c17e2da8035b8fd827f0fc93a1a40
- SHA1
  
  a47bf8b3d28d36279cb8a5a22f8c9a35206327a6
- SHA256
  
  aebe55c79817edcc4acff994e9dcb9230487092073bec48ea87448b90db1f888
- SHA512
  
  f80fb5e5f30191abd95bfec14637f2c7a47d8d1293cad3a9be20acafdd41aa5e833d17db8c65093a0c8b7d24b14e18a1d8092ef8acba5c4cd6a7dd6a620dc9b5
- SSDEEP
  
  384:dXPW8kJL8XaHgQOeE2kq9KkqkPGv9tMp4V9zNNxChJd:VPFaAn2kqnRctMgbNxChJd
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy