revengerat | 0fabe8bad86d907040ba52fc7fc59e1626a4ea86bb24baa85a94734b4517fddb | Triage

Submit
Reports

Overview

overview

Static

static

1

0fabe8bad8...b.ppam

windows7-x64

0fabe8bad8...b.ppam

windows10-2004-x64

Sharing

General

Target

0fabe8bad86d907040ba52fc7fc59e1626a4ea86bb24baa85a94734b4517fddb.ppam
Size

18KB
Sample

240312-cjmm3sda61
MD5

d9b08507bbed55097f91f61b995f1b81
SHA1

a10b28c1cca42bc277f1569feb830c10a501383e
SHA256

0fabe8bad86d907040ba52fc7fc59e1626a4ea86bb24baa85a94734b4517fddb
SHA512

cf9e1c41fff83c8e851d66ff4baf333b7e12acb99a37c62cf214d06ec5c1ea664e04eb0eb83d8ba206d8ad5a23532d910b48f670678e8238ea70fc9f12ef10b4
SSDEEP

384:dXPuMXrXloiGnEnKdyOeTR05MVzZcqsts7uJNFTRVmWJhCxM:VPX+i0EnKdyOMRWAzZWbTfmoCq

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

0fabe8bad86d907040ba52fc7fc59e1626a4ea86bb24baa85a94734b4517fddb.ppam

Resource

win7-20231129-en

revengerat nyancatrevenge trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fabe8bad86d907040ba52fc7fc59e1626a4ea86bb24baa85a94734b4517fddb.ppam

Resource

win10v2004-20240226-en

revengerat nyancatrevenge trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

craxsrat.ddns.com.br:333

Mutex

27d7e6701f5e

Targets

- Target
  
  0fabe8bad86d907040ba52fc7fc59e1626a4ea86bb24baa85a94734b4517fddb.ppam
- Size
  
  18KB
- MD5
  
  d9b08507bbed55097f91f61b995f1b81
- SHA1
  
  a10b28c1cca42bc277f1569feb830c10a501383e
- SHA256
  
  0fabe8bad86d907040ba52fc7fc59e1626a4ea86bb24baa85a94734b4517fddb
- SHA512
  
  cf9e1c41fff83c8e851d66ff4baf333b7e12acb99a37c62cf214d06ec5c1ea664e04eb0eb83d8ba206d8ad5a23532d910b48f670678e8238ea70fc9f12ef10b4
- SSDEEP
  
  384:dXPuMXrXloiGnEnKdyOeTR05MVzZcqsts7uJNFTRVmWJhCxM:VPX+i0EnKdyOMRWAzZWbTfmoCq
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy