General

  • Target

    cbcc937ed1ac2f9cca45d47d7ab44b49.bin

  • Size

    17KB

  • Sample

    230605-ptb1jsgf33

  • MD5

    327aae8ec2094f6e39dfbb8d2f58040e

  • SHA1

    03a1aad8b09cce6588a2602ad7ba1f700e2e60d3

  • SHA256

    5c76a333a7cfdf96f03427f85d80216b48ab406e5b5d381f296f3c5af9746429

  • SHA512

    fb934db492704c814a77c04d93494fd28f1b9c555f9b2dc44697a9e06563d5eab1bf4002038b4bdf9849a3fc25a4f423854905b2a314af024994fb21c4b268de

  • SSDEEP

    384:w1QCVh5m8kDGyU12mZrdAM9hIaq8klZvf7xIToRGf1C5N:bq5dOGPRb7klZLxNQ1g

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    NyanCatRevenge

  • C2

    m7.ddns.com.br:5222

  • Mutex

    30c2ac3031a0

Targets

    • Target

      9e726810be94f4426ca470f2054b1324494f4fd53cd3f3901c79b46e481042e4.ppam

    • Size

      19KB

    • MD5

      cbcc937ed1ac2f9cca45d47d7ab44b49

    • SHA1

      4e45051c4e0af07f567407095fbed8cb3e1a032c

    • SHA256

      9e726810be94f4426ca470f2054b1324494f4fd53cd3f3901c79b46e481042e4

    • SHA512

      7d45eb38cd778b82cae617300a0bc8a0033c3978e9727d2a7932098e9b51d7e4df715d4a1dff4a76837a10a148fdac8997c38fb71cb46afd4ac5e1c4a9727ff6

    • SSDEEP

      384:dXPYvQCahPS6U7rbHc1RaICb7PwFkqdKW9rAgZF2o2Z2FoeapDCsx3Dw:VPYryLU7rbHgaIEI5MacgZUhZk8C4zw

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 2