revengerat | 52a898f9c3174c252ef1745e353a49aa898fe99122720bf33126644c319c8df4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

2fe97c1cb5...5.ppam

windows7-x64

2fe97c1cb5...5.ppam

windows10-2004-x64

Sharing

General

Target

2fe97c1cb597d1812cfefe11ce2327da3d18e3cc16bacf38512db1cbd53570d5.zip
Size

17KB
Sample

230516-zhhztsce42
MD5

e8a484eb1befb65a8fb0920037e22ddc
SHA1

73ac946e66b4e6bdad1743de522cc5a26b3e8de8
SHA256

52a898f9c3174c252ef1745e353a49aa898fe99122720bf33126644c319c8df4
SHA512

6a0e28940b8225bf46ed80624dc40241bb9b8d1b71025790bb0ce7207f73e6021773eb40e2b4025d3007ed1ac1f7b104f4b145ed0d5cf2ed09222266be152d94
SSDEEP

384:vL77A60nSvb+7kKgXJsC3f13TZfJte4WPOHbf3Z3G/fOXlmFAuJyvy2:DQ67+DgeC3f1DBG4QOf6faUAuUt

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

2fe97c1cb597d1812cfefe11ce2327da3d18e3cc16bacf38512db1cbd53570d5.ppam

Resource

win7-20230220-en

revengerat nyancatrevenge trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2fe97c1cb597d1812cfefe11ce2327da3d18e3cc16bacf38512db1cbd53570d5.ppam

Resource

win10v2004-20230220-en

revengerat nyancatrevenge trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

30c2ac3031a0

Targets

- Target
  
  2fe97c1cb597d1812cfefe11ce2327da3d18e3cc16bacf38512db1cbd53570d5.ppam
- Size
  
  19KB
- MD5
  
  f2c6f5b43d73d91bb9eb0de2812ff7cb
- SHA1
  
  d4dbf0af4bfbd0f6ce0aadb9dcbbc30cebf36aad
- SHA256
  
  2fe97c1cb597d1812cfefe11ce2327da3d18e3cc16bacf38512db1cbd53570d5
- SHA512
  
  bd2abddb6f66c5f104925d48d6499ed336e52b43829ee42595f00382c69dccb4398822c8df565c31a44ea9fe12dc4fc31c953652a4698bdf6fbfa96df304a82a
- SSDEEP
  
  384:dXPWGaYOMHEG4upmXuB44OPJ8GfkXjedXRMx+CI/tQiZlyszuCqo9NRrccG:VPWGNO7kpme64C21Xjc2xXI/XTys6ARk
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2025

Terms | Privacy