Overview

overview

10

Static

static

1

f918fb2201...1.ppam

windows7-x64

10

f918fb2201...1.ppam

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    515ff2344f241cfdb65a08b0c6fa90f9.bin

  • Size

    15KB

  • Sample

    230513-bk822ahc2w

  • MD5

    ce924ea70996be182d480642aea936e1

  • SHA1

    b512b8bcb5cbda75d91113b3fb4be8d76221acee

  • SHA256

    bbf074ab20cf538065d73ed176393b532c442c9f80ced646d88f5bb8af1d094c

  • SHA512

    1cefebff00c81f65af830b9ed985de7cb486441003cac0c8bbddc14719e31f77663e39da1a05c332d9bc08feced967e944ac13344c64a420ae9fb3f37c98512c

  • SSDEEP

    384:2hxVWmmZZwiVjvsBkuR8IDfYtxiD9kEM13Uh1:0+msVY+unfYyS3UP

Score
10/10
revengeratnyancatrevengetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

30c2ac3031a0

Targets

    • Target

      f918fb220166f75e3bd9f8cd162b411bfd9ba210f4abe0f9509c5a7bf722a981.ppam

    • Size

      17KB

    • MD5

      515ff2344f241cfdb65a08b0c6fa90f9

    • SHA1

      36b640ba2e0c9b6da14364e4b24a960b964b8377

    • SHA256

      f918fb220166f75e3bd9f8cd162b411bfd9ba210f4abe0f9509c5a7bf722a981

    • SHA512

      796fd73c9820ff56456deab07219ad29a25c8231d3c3fe60b2aa73ef3392f548e76eef12256f52a3aa447e251004153cb2c85c01bfda57d758a2a04c52aca44e

    • SSDEEP

      384:dXPgOGHYbeUPGocggolFNXy82T4XIERqzmhb:VPpGHYfGTggol7O44nzW

    Score
    10/10
    revengeratnyancatrevengetrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks