revengerat | f651bda0b4fd972f48db97f7d7c57f4d66fb69f9c6a3f847a2a265d7dbe33469 | Triage

Sharing

General

Target

Reserva Detalhes.ppam
Size

8KB
Sample

231228-jv5flagaam
MD5

38a0eb561cbe53efb6a6bbbaef74e480
SHA1

a006b9112485374499ecaa1d6f989d1f29a4dd6f
SHA256

f651bda0b4fd972f48db97f7d7c57f4d66fb69f9c6a3f847a2a265d7dbe33469
SHA512

b2a59cf376dc3724867d9012eebc9cfabce8657b1f0eeb5671e764c5be216b97db1a88209d2ba0f7949035185712ab87d3f464bf51adfa34d46f3cb6e1bc027c
SSDEEP

192:xrXP/sUwOwsOa0PuuSUPmttJTd4joE3N9OycExwc:dXP+No8m7JTd4d9OycExR

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

marcelotatuape.ddns.net:333

Mutex

281db369c9dc4bc4b1

Targets

- Target
  
  Reserva Detalhes.ppam
- Size
  
  8KB
- MD5
  
  38a0eb561cbe53efb6a6bbbaef74e480
- SHA1
  
  a006b9112485374499ecaa1d6f989d1f29a4dd6f
- SHA256
  
  f651bda0b4fd972f48db97f7d7c57f4d66fb69f9c6a3f847a2a265d7dbe33469
- SHA512
  
  b2a59cf376dc3724867d9012eebc9cfabce8657b1f0eeb5671e764c5be216b97db1a88209d2ba0f7949035185712ab87d3f464bf51adfa34d46f3cb6e1bc027c
- SSDEEP
  
  192:xrXP/sUwOwsOa0PuuSUPmttJTd4joE3N9OycExwc:dXP+No8m7JTd4d9OycExR
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

revengeratnyancatrevengetrojan