Overview

overview

10

Static

static

1

nvoucher_d...s.ppam

windows7-x64

10

nvoucher_d...s.ppam

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nvoucher_das_reservas.ppam

  • Size

    44KB

  • Sample

    230510-q489gagc87

  • MD5

    906084f891c354df688b9b1012673cb0

  • SHA1

    df3ac01679d444b6ae6cc81bf0f380cce79bd987

  • SHA256

    2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21

  • SHA512

    c8ab289935931708371d6ed05e95e26981ae338bafeadea4a272541575ace9216dbf569410e535c023727c0c92346b1ecc5d8c35c0a200462967641a8feb1701

  • SSDEEP

    768:VPYRy7GviozfDTAR/rRSROn3sYOWTS2+1jqBoVEmErcSeykOgUGM5d/ym4csz:VgRyCR7T2/FMOncYOWXvBoV3EgS8jUGN

Score
10/10
revengeratnyancatrevengetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

30c2ac3031a0

Targets

    • Target

      nvoucher_das_reservas.ppam

    • Size

      44KB

    • MD5

      906084f891c354df688b9b1012673cb0

    • SHA1

      df3ac01679d444b6ae6cc81bf0f380cce79bd987

    • SHA256

      2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21

    • SHA512

      c8ab289935931708371d6ed05e95e26981ae338bafeadea4a272541575ace9216dbf569410e535c023727c0c92346b1ecc5d8c35c0a200462967641a8feb1701

    • SSDEEP

      768:VPYRy7GviozfDTAR/rRSROn3sYOWTS2+1jqBoVEmErcSeykOgUGM5d/ym4csz:VgRyCR7T2/FMOncYOWXvBoV3EgS8jUGN

    Score
    10/10
    revengeratnyancatrevengetrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks