revengerat | b4614240ec20d504a01d0782e88f2d2a0668b7afeb353427fe03ab22e3de8bd8 | Triage

Sharing

General

Target

Detalhes Reserva.ppam
Size

10KB
Sample

240105-tt757sgcg4
MD5

836c98de1441fa0f9a5bcff58b665abf
SHA1

1b1897a2a0d907cc94d0706b5ec4abd73e1afcc1
SHA256

b4614240ec20d504a01d0782e88f2d2a0668b7afeb353427fe03ab22e3de8bd8
SHA512

e83e55d6a0629bb4f813b290e923e5ab0e34d93f726c5fe1de2f35ec9930f38f896dd098d528d6ff8d0411e76badeb5a5cc07146c7cbb74495653639b69264d0
SSDEEP

192:xrXP/72meEX+TgyGixbUlA9fsZ02w8DgtSqAnrb4KEv4V51IhDotEay51SpyYL:dXPqh5uSc038sNw04z13tgi

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

marcelotatuape.ddns.net:333

Mutex

44d14179ad9b4cceb4

Targets

- Target
  
  Detalhes Reserva.ppam
- Size
  
  10KB
- MD5
  
  836c98de1441fa0f9a5bcff58b665abf
- SHA1
  
  1b1897a2a0d907cc94d0706b5ec4abd73e1afcc1
- SHA256
  
  b4614240ec20d504a01d0782e88f2d2a0668b7afeb353427fe03ab22e3de8bd8
- SHA512
  
  e83e55d6a0629bb4f813b290e923e5ab0e34d93f726c5fe1de2f35ec9930f38f896dd098d528d6ff8d0411e76badeb5a5cc07146c7cbb74495653639b69264d0
- SSDEEP
  
  192:xrXP/72meEX+TgyGixbUlA9fsZ02w8DgtSqAnrb4KEv4V51IhDotEay51SpyYL:dXPqh5uSc038sNw04z13tgi
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

revengeratnyancatrevengetrojan