Overview

overview

10

Static

static

1

detalhes r...s.ppam

windows7-x64

10

detalhes r...s.ppam

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    detalhes relevantes.ppam

  • Size

    44KB

  • Sample

    240806-wpqfpswbnn

  • MD5

    145d6e35667384492691a6126aafb7f9

  • SHA1

    c5ea7454057d62517ed3ffa842948b9d6b7ebdc8

  • SHA256

    be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4

  • SHA512

    f402a0ccbb4e91a71648e149f4b76f1b3d2e1c81a8d1cbf0f22fdf5763b1bbaf36bf916c441364e922c2343fb27189f7d653dd2db5c4767a2511ab464a5f676d

  • SSDEEP

    768:VP1rEyUexTfIrlTcpSsSs8I2PPHhbk0fBIhVmm2NTXNopBwseX4e1DeBE3dDLqM/:VtlUexzwor4PFkUBIhVgNTKpBYP1FXqe

Score
10/10
revengeratnyancatrevengediscoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.173.171:5222

Mutex

8b39f6245ef24a80

Targets

    • Target

      detalhes relevantes.ppam

    • Size

      44KB

    • MD5

      145d6e35667384492691a6126aafb7f9

    • SHA1

      c5ea7454057d62517ed3ffa842948b9d6b7ebdc8

    • SHA256

      be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4

    • SHA512

      f402a0ccbb4e91a71648e149f4b76f1b3d2e1c81a8d1cbf0f22fdf5763b1bbaf36bf916c441364e922c2343fb27189f7d653dd2db5c4767a2511ab464a5f676d

    • SSDEEP

      768:VP1rEyUexTfIrlTcpSsSs8I2PPHhbk0fBIhVmm2NTXNopBwseX4e1DeBE3dDLqM/:VtlUexzwor4PFkUBIhVgNTKpBYP1FXqe

    Score
    10/10
    revengeratnyancatrevengediscoverytrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks