revengerat | be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4 | Triage

Submit
Reports

Overview

overview

Static

static

1

be04b4d501...4.ppam

windows7-x64

be04b4d501...4.ppam

windows10-2004-x64

Sharing

General

Target

be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4.ppam
Size

44KB
Sample

240807-chk3vsxgrp
MD5

145d6e35667384492691a6126aafb7f9
SHA1

c5ea7454057d62517ed3ffa842948b9d6b7ebdc8
SHA256

be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4
SHA512

f402a0ccbb4e91a71648e149f4b76f1b3d2e1c81a8d1cbf0f22fdf5763b1bbaf36bf916c441364e922c2343fb27189f7d653dd2db5c4767a2511ab464a5f676d
SSDEEP

768:VP1rEyUexTfIrlTcpSsSs8I2PPHhbk0fBIhVmm2NTXNopBwseX4e1DeBE3dDLqM/:VtlUexzwor4PFkUBIhVgNTKpBYP1FXqe

Score

10^/10

revengerat nyancatrevenge discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4.ppam

Resource

win7-20240704-en

revengerat nyancatrevenge discovery trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4.ppam

Resource

win10v2004-20240802-en

revengerat nyancatrevenge discovery trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.173.171:5222

Mutex

8b39f6245ef24a80

Targets

- Target
  
  be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4.ppam
- Size
  
  44KB
- MD5
  
  145d6e35667384492691a6126aafb7f9
- SHA1
  
  c5ea7454057d62517ed3ffa842948b9d6b7ebdc8
- SHA256
  
  be04b4d5018ac364eff7c93f1c211a1e03d59c49a6c2fecc406254b89716d4f4
- SHA512
  
  f402a0ccbb4e91a71648e149f4b76f1b3d2e1c81a8d1cbf0f22fdf5763b1bbaf36bf916c441364e922c2343fb27189f7d653dd2db5c4767a2511ab464a5f676d
- SSDEEP
  
  768:VP1rEyUexTfIrlTcpSsSs8I2PPHhbk0fBIhVmm2NTXNopBwseX4e1DeBE3dDLqM/:VtlUexzwor4PFkUBIhVgNTKpBYP1FXqe
Score

10^/10

revengerat nyancatrevenge discovery trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengediscoverytrojan

behavioral2

revengeratnyancatrevengediscoverytrojan

© 2018-2025

Terms | Privacy