Overview

overview

10

Static

static

1

NF 7867 e 7868.ppam

windows7-x64

10

NF 7867 e 7868.ppam

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NF 7867 e 7868.ppam

  • Size

    19KB

  • Sample

    230601-yan1fagb44

  • MD5

    cbcc937ed1ac2f9cca45d47d7ab44b49

  • SHA1

    4e45051c4e0af07f567407095fbed8cb3e1a032c

  • SHA256

    9e726810be94f4426ca470f2054b1324494f4fd53cd3f3901c79b46e481042e4

  • SHA512

    7d45eb38cd778b82cae617300a0bc8a0033c3978e9727d2a7932098e9b51d7e4df715d4a1dff4a76837a10a148fdac8997c38fb71cb46afd4ac5e1c4a9727ff6

  • SSDEEP

    384:dXPYvQCahPS6U7rbHc1RaICb7PwFkqdKW9rAgZF2o2Z2FoeapDCsx3Dw:VPYryLU7rbHgaIEI5MacgZUhZk8C4zw

Score
10/10
revengeratnyancatrevengetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

m7.ddns.com.br:5222

Mutex

30c2ac3031a0

Targets

    • Target

      NF 7867 e 7868.ppam

    • Size

      19KB

    • MD5

      cbcc937ed1ac2f9cca45d47d7ab44b49

    • SHA1

      4e45051c4e0af07f567407095fbed8cb3e1a032c

    • SHA256

      9e726810be94f4426ca470f2054b1324494f4fd53cd3f3901c79b46e481042e4

    • SHA512

      7d45eb38cd778b82cae617300a0bc8a0033c3978e9727d2a7932098e9b51d7e4df715d4a1dff4a76837a10a148fdac8997c38fb71cb46afd4ac5e1c4a9727ff6

    • SSDEEP

      384:dXPYvQCahPS6U7rbHc1RaICb7PwFkqdKW9rAgZF2o2Z2FoeapDCsx3Dw:VPYryLU7rbHgaIEI5MacgZUhZk8C4zw

    Score
    10/10
    revengeratnyancatrevengetrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks