revengerat | 77b31ef155fb5590c1150022299678f89a2ddba39fa21bcf0cceebb7b43988d2 | Triage

Submit
Reports

Overview

overview

Static

static

1

2f29c288b1...1.ppam

windows7-x64

2f29c288b1...1.ppam

windows10-2004-x64

Sharing

General

Target

2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21.zip
Size

43KB
Sample

230516-y6cx2scd78
MD5

4157e68ac106a63b0e896a7b4ae3863e
SHA1

376c2f29e7a9d3a7b6226ee188c3f600b467ae06
SHA256

77b31ef155fb5590c1150022299678f89a2ddba39fa21bcf0cceebb7b43988d2
SHA512

21adfa924aa862cf43661e84db41bf80c17f3ccfa2678ec23f007b3fa63d75998295aafd3363ae4c9fda6dc1bc6692f5c07d7ce46df23308c72e031af045ac2f
SSDEEP

768:56N9frK7TwSf9jHriOoe9bD6n3Y1EKDbaHex95kR5/+6GqEjF8YjjWFZ9qHz5fCZ:5A9f+73fFLLoe9v63YC8+qzQAH9GZ8Tw

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21.ppam

Resource

win7-20230220-en

revengerat nyancatrevenge trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21.ppam

Resource

win10v2004-20230220-en

revengerat nyancatrevenge trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

30c2ac3031a0

Targets

- Target
  
  2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21.ppam
- Size
  
  44KB
- MD5
  
  906084f891c354df688b9b1012673cb0
- SHA1
  
  df3ac01679d444b6ae6cc81bf0f380cce79bd987
- SHA256
  
  2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21
- SHA512
  
  c8ab289935931708371d6ed05e95e26981ae338bafeadea4a272541575ace9216dbf569410e535c023727c0c92346b1ecc5d8c35c0a200462967641a8feb1701
- SSDEEP
  
  768:VPYRy7GviozfDTAR/rRSROn3sYOWTS2+1jqBoVEmErcSeykOgUGM5d/ym4csz:VgRyCR7T2/FMOncYOWXvBoV3EgS8jUGN
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy