revengerat | 8efe3749795b941620cf595c0eef35b77670a7b80bd9e9c65efc377a75d78499 | Triage

Submit
Reports

Overview

overview

Static

static

1

7e03e0cd53...6.ppam

windows7-x64

7e03e0cd53...6.ppam

windows10-2004-x64

Sharing

General

Target

8efe3749795b941620cf595c0eef35b77670a7b80bd9e9c65efc377a75d78499
Size

40KB
Sample

240807-mkzzxazhng
MD5

a8bde0442ad2b077d9b6b34d63e1b92d
SHA1

7f51e590638fdf78ea5a9f925eeefe150ca3b1a1
SHA256

8efe3749795b941620cf595c0eef35b77670a7b80bd9e9c65efc377a75d78499
SHA512

a33b2c44f9dd2bf532dbe19b66704bf449995a18663552687b9c0de2449f23a04b90ee5145fe9f44918f2a4bc9c768847dbe6b6d74fee801ef0e8613a6d74a96
SSDEEP

768:bHw8LkURxvnjN3qFyCGF5jRtHXhBylVTwny2aU+EDEAYha5WdXg3:bQ8IonExGXl8jF2aUsAYh+Wy3

Score

10^/10

revengerat nyancatrevenge discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

7e03e0cd53a9cb342d2fd8f709351618fcd6b79eff3d5e88705a699c28e6a9c6.ppam

Resource

win7-20240704-en

revengerat nyancatrevenge discovery trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e03e0cd53a9cb342d2fd8f709351618fcd6b79eff3d5e88705a699c28e6a9c6.ppam

Resource

win10v2004-20240802-en

revengerat nyancatrevenge discovery trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.173.171:5222

Mutex

8b39f6245ef24a80

Targets

- Target
  
  7e03e0cd53a9cb342d2fd8f709351618fcd6b79eff3d5e88705a699c28e6a9c6.ppam
- Size
  
  42KB
- MD5
  
  d8054ddc67b3d0d3e1f1aa109a3d5e7c
- SHA1
  
  58a0b86134040cbed1da7c37a47dfe40b8f3e265
- SHA256
  
  7e03e0cd53a9cb342d2fd8f709351618fcd6b79eff3d5e88705a699c28e6a9c6
- SHA512
  
  29b7267bda6d5061526331cc8123ed8af3fbe441d739e0fc27184ab0342b06b3cab6360a6f5bac664d86a69b26897b195a0ebc7167145b4e22fba2891fa39b1a
- SSDEEP
  
  768:VPlcbastluOGcXwktQArcyIsZ0NV3poringSYdvy/2lUr29oOYc6:Vd47laitbhw38U46e02Za
Score

10^/10

revengerat nyancatrevenge discovery trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengediscoverytrojan

behavioral2

revengeratnyancatrevengediscoverytrojan

© 2018-2025

Terms | Privacy