General

  • Target

    d10fccc801f58792d0feab8d9014a71f4553a584bde1f00e32586944f955d3fd.ppam

  • Size

    23KB

  • Sample

    240720-pbzznasema

  • MD5

    aae8e2400a374294adcf96504f25180f

  • SHA1

    326f020fc3ec8a3bdcc27ba5d3d54df0029e6ff2

  • SHA256

    d10fccc801f58792d0feab8d9014a71f4553a584bde1f00e32586944f955d3fd

  • SHA512

    92afa4d86e30a7063f94b64e84ed99641a717b6a97888a2fbbb78b1da8662cbaedfe64b050047d8ba6cd1b542e2082b888e57077381d185e99f7f1e62e693eed

  • SSDEEP

    384:dXPNdo5nM3HC58UJzD6jHap59VcnksKLXHQxgIhSnH1xXcndqe+dQfmg:VPInM3Ih16DapOnksKjQxthGH1mdUQp

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    NyanCatRevenge

  • C2

    lua.ddns.com.br:5222

  • Mutex

    101f19215cac

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks