Overview

overview

10

Static

static

1

Reserva de...a.ppam

windows7-x64

10

Reserva de...a.ppam

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Reserva detalhada.ppam

  • Size

    16KB

  • Sample

    240301-je8s3sed88

  • MD5

    a47e4c737b038a0b8523f430fc97e340

  • SHA1

    01125244b799ecb7eadbe94ff10887d3e28e02c1

  • SHA256

    0b2bdf84b652a409fc9875e73d896945143ad918556caeba75526740714d02ea

  • SHA512

    3436df276bf9daca84afb63bcf34111423799095dfc3af326b6a5993680dab5a086c321891223fb5536dc8529223fe1579f548981195ee91b798396f83327392

  • SSDEEP

    192:xrXP/MTsLviNbffWmwiG1QHhk8/fjx2DHeVxlAKsW0r/ls6faz6MfPfVV7ZAjUbR:dXPr0b+sH6DD+VHAwqtsuaNPfrFAa3

Score
10/10
revengeratnyancatrevengetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

brasil.ddns.com.br:333

Mutex

5e241e476b334640a2f

Targets

    • Target

      Reserva detalhada.ppam

    • Size

      16KB

    • MD5

      a47e4c737b038a0b8523f430fc97e340

    • SHA1

      01125244b799ecb7eadbe94ff10887d3e28e02c1

    • SHA256

      0b2bdf84b652a409fc9875e73d896945143ad918556caeba75526740714d02ea

    • SHA512

      3436df276bf9daca84afb63bcf34111423799095dfc3af326b6a5993680dab5a086c321891223fb5536dc8529223fe1579f548981195ee91b798396f83327392

    • SSDEEP

      192:xrXP/MTsLviNbffWmwiG1QHhk8/fjx2DHeVxlAKsW0r/ls6faz6MfPfVV7ZAjUbR:dXPr0b+sH6DD+VHAwqtsuaNPfrFAa3

    Score
    10/10
    revengeratnyancatrevengetrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks