General

  • Target

    f0a08759c7ffcc5dc2be1c4406357e3e0d50db90d69c957140a5d5a96677d5d6.ppam

  • Size

    31KB

  • Sample

    240823-mh7xqsyele

  • MD5

    19dec27aebb0765515dce112629e6bf0

  • SHA1

    157f1b9b9a3cfee78e41a2ee7040c2c3d31acea9

  • SHA256

    f0a08759c7ffcc5dc2be1c4406357e3e0d50db90d69c957140a5d5a96677d5d6

  • SHA512

    ddaaf0fbc7b03d77595cfc1f5d4dbbeaf402716e72a9c44120759bf13905b26c9b63d68ec15305ca64cc0ca4d99846a135b4aff7075b6e574f3212435f9bd421

  • SSDEEP

    768:VPdLnd0SfrbXwc8594rrJqcIu4TVVSmdrUTXVHS1HbwHu:V5aSfrbXj8IrrpIu4SmdrUTg6u

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    NyanCatRevenge

  • C2

    18.228.165.84:3333

  • Mutex

    788bf014999d4ae8929

Targets

    • Target

      f0a08759c7ffcc5dc2be1c4406357e3e0d50db90d69c957140a5d5a96677d5d6.ppam

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
