revengerat | a0c62d117ca24a43bc6ca8d4fd841429827728d46aed60ae0c1dd93e7d44c4c7 | Triage

Submit
Reports

Overview

overview

Static

static

1

a0c62d117c...7.ppam

windows7-x64

a0c62d117c...7.ppam

windows10-2004-x64

Sharing

General

Target

a0c62d117ca24a43bc6ca8d4fd841429827728d46aed60ae0c1dd93e7d44c4c7.ppam
Size

34KB
Sample

240821-mv1destgqd
MD5

e6c62c08bcf6e855dcc57d4672f35f22
SHA1

1a314ad57695bc7c1eb5a56069680ba504bcd63d
SHA256

a0c62d117ca24a43bc6ca8d4fd841429827728d46aed60ae0c1dd93e7d44c4c7
SHA512

8d5bf322c93f8cbe4802b21b6a6151d57406eb600490d90d29eeee1485ffa80d643a3a4cabdff81b0789f2d4014178ee66be1087382d8c0972a324dabd249108
SSDEEP

768:VPJJIjv1RFbo18t+HpTa1lzv5Z4G2rQdSss+0WfqQ:VxJITFU8sEjv5krKS80Sl

Score

10^/10

revengerat nyancatrevenge discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

a0c62d117ca24a43bc6ca8d4fd841429827728d46aed60ae0c1dd93e7d44c4c7.ppam

Resource

win7-20240708-en

revengerat nyancatrevenge discovery trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a0c62d117ca24a43bc6ca8d4fd841429827728d46aed60ae0c1dd93e7d44c4c7.ppam

Resource

win10v2004-20240802-en

revengerat nyancatrevenge discovery trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.165.84:3333

Mutex

788bf014999d4ae8929

Targets

- Target
  
  a0c62d117ca24a43bc6ca8d4fd841429827728d46aed60ae0c1dd93e7d44c4c7.ppam
- Size
  
  34KB
- MD5
  
  e6c62c08bcf6e855dcc57d4672f35f22
- SHA1
  
  1a314ad57695bc7c1eb5a56069680ba504bcd63d
- SHA256
  
  a0c62d117ca24a43bc6ca8d4fd841429827728d46aed60ae0c1dd93e7d44c4c7
- SHA512
  
  8d5bf322c93f8cbe4802b21b6a6151d57406eb600490d90d29eeee1485ffa80d643a3a4cabdff81b0789f2d4014178ee66be1087382d8c0972a324dabd249108
- SSDEEP
  
  768:VPJJIjv1RFbo18t+HpTa1lzv5Z4G2rQdSss+0WfqQ:VxJITFU8sEjv5krKS80Sl
Score

10^/10

revengerat nyancatrevenge discovery trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengediscoverytrojan

behavioral2

revengeratnyancatrevengediscoverytrojan

© 2018-2025

Terms | Privacy