revengerat | dbcb21d5f9c1a74aaeacb6fd5e4bda89af7cf80461eae3fa3c61a8bb90bf5044 | Triage

Submit
Reports

Overview

overview

Static

static

1

Solicitaca...2.ppam

windows7-x64

Solicitaca...2.ppam

windows10-2004-x64

Sharing

General

Target

Solicitacao n 3422022.ppam
Size

21KB
Sample

240313-qgm3qafd33
MD5

0fa350aeda0300d702cbffe77bdf26e1
SHA1

3b9a66fd26bfd26cff53e222744b382da0735c74
SHA256

dbcb21d5f9c1a74aaeacb6fd5e4bda89af7cf80461eae3fa3c61a8bb90bf5044
SHA512

d4514a79d24d5b165f0588cfa370a92e6d781add023878b515248c453153e26b9e701b2d5b7a1e02976783ba5925a0fd353d25ab8510419c4b6b30df2858e0d1
SSDEEP

384:dXP27u0zBE0RZ+T9cx/7tsZKhNVqo6JV5ZjXDcd42nS5wYFjg1zTeQcxUwPMyvxh:VP2r60L+BS6ZkHqxJZkd42Sr9g1Xed0k

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

Solicitacao n 3422022.ppam

Resource

win7-20231129-en

revengerat nyancatrevenge trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Solicitacao n 3422022.ppam

Resource

win10v2004-20240226-en

revengerat nyancatrevenge trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

craxsrat.ddns.com.br:333

Mutex

27d7e6701f5e

Targets

- Target
  
  Solicitacao n 3422022.ppam
- Size
  
  21KB
- MD5
  
  0fa350aeda0300d702cbffe77bdf26e1
- SHA1
  
  3b9a66fd26bfd26cff53e222744b382da0735c74
- SHA256
  
  dbcb21d5f9c1a74aaeacb6fd5e4bda89af7cf80461eae3fa3c61a8bb90bf5044
- SHA512
  
  d4514a79d24d5b165f0588cfa370a92e6d781add023878b515248c453153e26b9e701b2d5b7a1e02976783ba5925a0fd353d25ab8510419c4b6b30df2858e0d1
- SSDEEP
  
  384:dXP27u0zBE0RZ+T9cx/7tsZKhNVqo6JV5ZjXDcd42nS5wYFjg1zTeQcxUwPMyvxh:VP2r60L+BS6ZkHqxJZkd42Sr9g1Xed0k
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy