General
-
Target
9e28142248bbb95bf6c66e1b53b080a72e51bdc2072741b401a4450dd51644ab.ppam
-
Size
26KB
-
Sample
240824-ksanwascmf
-
MD5
3795f414fbb682f1057af0812cae8a71
-
SHA1
8efdfd15634e16922a06a7e33646a57728fd9e64
-
SHA256
9e28142248bbb95bf6c66e1b53b080a72e51bdc2072741b401a4450dd51644ab
-
SHA512
3437cabf703b2ab55121c9112caa02640385ded13630239d0f392e68dd37a9d9437750434ad35f86f7c98da6ee4577b881b8d2bcd8965e9c5eb2e92289ab340a
-
SSDEEP
384:dXPZzJt2FTlJFNahWgNjCiUDwvRge0BX/Bht5EopLiQKyOsBybZlzU+Oi:VPZ1t29lJFNKXNeiqe0N/d5Dp3KugSi
Malware Config
Extracted
revengerat
NyanCatRevenge
18.228.165.84:3333
788bf014999d4ae8929
Targets
-
-
Target
9e28142248bbb95bf6c66e1b53b080a72e51bdc2072741b401a4450dd51644ab.ppam
-
Size
26KB
-
MD5
3795f414fbb682f1057af0812cae8a71
-
SHA1
8efdfd15634e16922a06a7e33646a57728fd9e64
-
SHA256
9e28142248bbb95bf6c66e1b53b080a72e51bdc2072741b401a4450dd51644ab
-
SHA512
3437cabf703b2ab55121c9112caa02640385ded13630239d0f392e68dd37a9d9437750434ad35f86f7c98da6ee4577b881b8d2bcd8965e9c5eb2e92289ab340a
-
SSDEEP
384:dXPZzJt2FTlJFNahWgNjCiUDwvRge0BX/Bht5EopLiQKyOsBybZlzU+Oi:VPZ1t29lJFNKXNeiqe0N/d5Dp3KugSi
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-