General
-
Target
c9d30547f95342adddd7fc858c2b26bd7161e7c74d507659047810368cf09425.ppam
-
Size
42KB
-
Sample
240807-cl5xfa1gqa
-
MD5
433bdbd638bb73e32bbd0f09f5b65615
-
SHA1
9ada46ba3bf29a15c2fab966b34ff84eafc80e16
-
SHA256
c9d30547f95342adddd7fc858c2b26bd7161e7c74d507659047810368cf09425
-
SHA512
a6c6f9808b75cab61298720422d97b26c73d623a4c2a9e573a650cff05f10cafb162c2450d0fca9071ac850552268ff5556e958d9794b360c3ae61f4f6257d9b
-
SSDEEP
768:VPVv71ojMnlnxl+CwdBFvqEyvsFNDYg+qyfDuoDrC8v+fanxw3hcgd7hSFmq8:V9BTlb+bdrvMg+xC2ei+Cxw3Wc7hSc
Static task
static1
Behavioral task
behavioral1
Sample
c9d30547f95342adddd7fc858c2b26bd7161e7c74d507659047810368cf09425.ppam
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c9d30547f95342adddd7fc858c2b26bd7161e7c74d507659047810368cf09425.ppam
Resource
win10v2004-20240802-en
Malware Config
Extracted
revengerat
NyanCatRevenge
18.228.173.171:5222
8b39f6245ef24a80
Targets
Target
c9d30547f95342adddd7fc858c2b26bd7161e7c74d507659047810368cf09425.ppam
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-