revengerat | 2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21 | Triage

Submit
Reports

Overview

overview

Static

static

1

nvoucher_d...s.ppam

windows7-x64

nvoucher_d...s.ppam

windows10-2004-x64

Sharing

General

Target

nvoucher_das_reservas.ppam
Size

44KB
Sample

230510-q489gagc87
MD5

906084f891c354df688b9b1012673cb0
SHA1

df3ac01679d444b6ae6cc81bf0f380cce79bd987
SHA256

2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21
SHA512

c8ab289935931708371d6ed05e95e26981ae338bafeadea4a272541575ace9216dbf569410e535c023727c0c92346b1ecc5d8c35c0a200462967641a8feb1701
SSDEEP

768:VPYRy7GviozfDTAR/rRSROn3sYOWTS2+1jqBoVEmErcSeykOgUGM5d/ym4csz:VgRyCR7T2/FMOncYOWXvBoV3EgS8jUGN

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

nvoucher_das_reservas.ppam

Resource

win7-20230220-en

revengerat nyancatrevenge trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

nvoucher_das_reservas.ppam

Resource

win10v2004-20230220-en

revengerat nyancatrevenge trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

30c2ac3031a0

Targets

- Target
  
  nvoucher_das_reservas.ppam
- Size
  
  44KB
- MD5
  
  906084f891c354df688b9b1012673cb0
- SHA1
  
  df3ac01679d444b6ae6cc81bf0f380cce79bd987
- SHA256
  
  2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21
- SHA512
  
  c8ab289935931708371d6ed05e95e26981ae338bafeadea4a272541575ace9216dbf569410e535c023727c0c92346b1ecc5d8c35c0a200462967641a8feb1701
- SSDEEP
  
  768:VPYRy7GviozfDTAR/rRSROn3sYOWTS2+1jqBoVEmErcSeykOgUGM5d/ym4csz:VgRyCR7T2/FMOncYOWXvBoV3EgS8jUGN
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy