revengerat | f918fb220166f75e3bd9f8cd162b411bfd9ba210f4abe0f9509c5a7bf722a981 | Triage

Submit
Reports

Overview

overview

Static

static

1

bee2pay Authy.ppam

windows7-x64

bee2pay Authy.ppam

windows10-2004-x64

Sharing

General

Target

bee2pay Authy.ppam
Size

17KB
Sample

230511-xwhj4sce3s
MD5

515ff2344f241cfdb65a08b0c6fa90f9
SHA1

36b640ba2e0c9b6da14364e4b24a960b964b8377
SHA256

f918fb220166f75e3bd9f8cd162b411bfd9ba210f4abe0f9509c5a7bf722a981
SHA512

796fd73c9820ff56456deab07219ad29a25c8231d3c3fe60b2aa73ef3392f548e76eef12256f52a3aa447e251004153cb2c85c01bfda57d758a2a04c52aca44e
SSDEEP

384:dXPgOGHYbeUPGocggolFNXy82T4XIERqzmhb:VPpGHYfGTggol7O44nzW

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

bee2pay Authy.ppam

Resource

win7-20230220-en

revengerat nyancatrevenge trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

bee2pay Authy.ppam

Resource

win10v2004-20230220-en

revengerat nyancatrevenge trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

30c2ac3031a0

Targets

- Target
  
  bee2pay Authy.ppam
- Size
  
  17KB
- MD5
  
  515ff2344f241cfdb65a08b0c6fa90f9
- SHA1
  
  36b640ba2e0c9b6da14364e4b24a960b964b8377
- SHA256
  
  f918fb220166f75e3bd9f8cd162b411bfd9ba210f4abe0f9509c5a7bf722a981
- SHA512
  
  796fd73c9820ff56456deab07219ad29a25c8231d3c3fe60b2aa73ef3392f548e76eef12256f52a3aa447e251004153cb2c85c01bfda57d758a2a04c52aca44e
- SSDEEP
  
  384:dXPgOGHYbeUPGocggolFNXy82T4XIERqzmhb:VPpGHYfGTggol7O44nzW
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy