revengerat | aee96147d05a9d6564be20eb8dfc628635c15bca71cf62c85edd328fef582831 | Triage

Sharing

General

Target

Mensajes en cuarentena (1).zip
Size

86KB
Sample

240325-jvzv4sah52
MD5

b5de3adc2b4130061ce1c99935a6a4c2
SHA1

c1ac0d60cdabb3afba405723da069c036ddd07aa
SHA256

aee96147d05a9d6564be20eb8dfc628635c15bca71cf62c85edd328fef582831
SHA512

f71e993dc3092ec254e52eb4b2392d0c10202f3ad4406e7ea85db41db37d0999c38ab1ed88a778849a212763e4fec4047b6934ac344c207299db7f08004e30b1
SSDEEP

1536:0aXTqjn3aF5J3sY6sSl4q3iJhhXUP5hpP2eCSoqcUvN3tVdaNJS+XuVDL:0aX0nZ8SinJhBk5hpPvHndaN8++VX

Score

10^/10

revengerat nyancatrevenge macro macro_on_action trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

craxsrat.ddns.com.br:333

Mutex

27d7e6701f5e

Targets

- Target
  
  Comrpovante de pagamento.ppa
- Size
  
  88KB
- MD5
  
  ff08378dd83e84df74a9ce07f5105aa2
- SHA1
  
  2ba229ede6c3b0a53e966d6f491e556b8b9efe72
- SHA256
  
  994fbd9bbcb4586bcc97a0c0fb48f08b3af8acac284624c84d2d102fb1f3762e
- SHA512
  
  f09ce3a2e8a21979c8d8060ee8206cc6d4146a80176a3f243f35fa0f8f021ec349fb3474ff0635c3543092c34ad6bcb5898895c37d05763f6945fc42fa8ca1fc
- SSDEEP
  
  768:0cOoejkNcs+kozxpxWMjcXocyNumLu8J7icjo:0WejkNcsuzxpxWbYT1u
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Documentacao pax.ppa
- Size
  
  88KB
- MD5
  
  ff08378dd83e84df74a9ce07f5105aa2
- SHA1
  
  2ba229ede6c3b0a53e966d6f491e556b8b9efe72
- SHA256
  
  994fbd9bbcb4586bcc97a0c0fb48f08b3af8acac284624c84d2d102fb1f3762e
- SHA512
  
  f09ce3a2e8a21979c8d8060ee8206cc6d4146a80176a3f243f35fa0f8f021ec349fb3474ff0635c3543092c34ad6bcb5898895c37d05763f6945fc42fa8ca1fc
- SSDEEP
  
  768:0cOoejkNcs+kozxpxWMjcXocyNumLu8J7icjo:0WejkNcsuzxpxWbYT1u
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Solicitacao n 3422022.ppa
- Size
  
  88KB
- MD5
  
  ff08378dd83e84df74a9ce07f5105aa2
- SHA1
  
  2ba229ede6c3b0a53e966d6f491e556b8b9efe72
- SHA256
  
  994fbd9bbcb4586bcc97a0c0fb48f08b3af8acac284624c84d2d102fb1f3762e
- SHA512
  
  f09ce3a2e8a21979c8d8060ee8206cc6d4146a80176a3f243f35fa0f8f021ec349fb3474ff0635c3543092c34ad6bcb5898895c37d05763f6945fc42fa8ca1fc
- SSDEEP
  
  768:0cOoejkNcs+kozxpxWMjcXocyNumLu8J7icjo:0WejkNcsuzxpxWbYT1u
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

behavioral3

revengeratnyancatrevengetrojan

behavioral4

revengeratnyancatrevengetrojan

behavioral5

revengeratnyancatrevengetrojan

behavioral6

revengeratnyancatrevengetrojan