revengerat | 0baced14fbfd61568c6aceefe45ae91a5c5bade3caba35a195e4545cf282c09c | Triage

Submit
Reports

Overview

overview

Static

static

1

013fefe191...a.ppam

windows7-x64

013fefe191...a.ppam

windows10-2004-x64

Sharing

General

Target

7e0c3f4ee3bb201339b0be1e73142374.bin
Size

27KB
Sample

240418-bwyqfage51
MD5

cec9dd43a59d80dcbc1747bcaefed90e
SHA1

354e78fd199a27a3445e0270f2fbca0d30617aec
SHA256

0baced14fbfd61568c6aceefe45ae91a5c5bade3caba35a195e4545cf282c09c
SHA512

0c2001e8a6733a52b1260c2258e75f60bf6d512282797c1d776f59f5267cc3d6739041198e71797caa1cf1ae7704d46838d6985fd88c6d3f92ef934a806c8a2d
SSDEEP

768:2Zr/spD2+3yw6YqRT35eKRcZspEHxeh+nTtBW:4spb3yw1kJRcZspEshknW

Score

10^/10

revengerat nyancatrevenge trojan

Static task

static1

Behavioral task

behavioral1

Sample

013fefe1917cdeedc66a5e4bee5417894491591296a91a507224ae5af9618cda.ppam

Resource

win7-20240221-en

revengerat nyancatrevenge trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

013fefe1917cdeedc66a5e4bee5417894491591296a91a507224ae5af9618cda.ppam

Resource

win10v2004-20240412-en

revengerat nyancatrevenge trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

craxsrat.ddns.com.br:333

Mutex

27d7e6701f5e

Targets

- Target
  
  013fefe1917cdeedc66a5e4bee5417894491591296a91a507224ae5af9618cda.ppam
- Size
  
  28KB
- MD5
  
  7e0c3f4ee3bb201339b0be1e73142374
- SHA1
  
  bb1dbdfd0cbbdb0f33dba0502d896224ba567680
- SHA256
  
  013fefe1917cdeedc66a5e4bee5417894491591296a91a507224ae5af9618cda
- SHA512
  
  5398377cd90f8aa3b8834eef60fcf438c9eeed154e78447b902e04b1f5071726aa03c2bcca5280da1c8e06649b9a01f7645638ae6cd09f8a68f69fe41f299da4
- SSDEEP
  
  768:VPKiNgILNl1pb2GdSXlWEsusK+oCx7oho6n7vtxUkO:VC6vgIS4tokyH7lmkO
Score

10^/10

revengerat nyancatrevenge trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratnyancatrevengetrojan

behavioral2

revengeratnyancatrevengetrojan

© 2018-2024

Terms | Privacy