revengerat | f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9 | Triage

Submit
Reports

Overview

overview

Static

static

1

f8d9858e20...9.ppam

windows7-x64

f8d9858e20...9.ppam

windows10-2004-x64

Sharing

General

Target

f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9.ppam
Size

15KB
Sample

240313-dc8seada79
MD5

61d206a7e9df935a0cad8de669e85241
SHA1

fa687a793c6e5756d26e1d6082767c86efcb6198
SHA256

f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9
SHA512

530c13a6b775e0e7fe1b101884e323b22f2e2420777e381f83244903258c709df1db706362d41769f91e556e7d70cf72041d11fb76ee9db7de2895d85f2aab68
SSDEEP

192:xrXP//fWt8oxFx+Wex7wTQxM7IVHdimITS09k80JFbSvmSvjXma9kofRuGEy4TZw:dXPvW6S+WexTM74d+XSDSOoTdfw3y0C

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9.ppam

Resource

win7-20240221-en

revengerat nyancatrevenge trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9.ppam

Resource

win10v2004-20240226-en

revengerat nyancatrevenge trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

craxsrat.ddns.com.br:333

Mutex

27d7e6701f5e

Targets

- Target
  
  f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9.ppam
- Size
  
  15KB
- MD5
  
  61d206a7e9df935a0cad8de669e85241
- SHA1
  
  fa687a793c6e5756d26e1d6082767c86efcb6198
- SHA256
  
  f8d9858e2029276c48e1e7aefc168269ba73450bfba41d49d47aa61092dd0cf9
- SHA512
  
  530c13a6b775e0e7fe1b101884e323b22f2e2420777e381f83244903258c709df1db706362d41769f91e556e7d70cf72041d11fb76ee9db7de2895d85f2aab68
- SSDEEP
  
  192:xrXP//fWt8oxFx+Wex7wTQxM7IVHdimITS09k80JFbSvmSvjXma9kofRuGEy4TZw:dXPvW6S+WexTM74d+XSDSOoTdfw3y0C
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy