revengerat | b95150133b363d7e6efde6c2816b904860672a31849514cfaadb9cdc784c0078 | Triage

Sharing

General

Target

bec0d3342ddf6b27609bfaf195adffff_JaffaCakes118
Size

45KB
Sample

240824-re4hcsvgqp
MD5

bec0d3342ddf6b27609bfaf195adffff
SHA1

f17a8e8a65bf4a2c20e61d6a86fa78221582ce87
SHA256

b95150133b363d7e6efde6c2816b904860672a31849514cfaadb9cdc784c0078
SHA512

c742488e857ebdbc63b2d215396de1dc782f37f38d2248bcdf3e272a227ccaee7d340e3aed391c6b5f0939d283bb5c68c70159d1041a9bf1a3c689186153c119
SSDEEP

384:hqjAwRiFS+KgOT6UpEK2UEuXXOTKIV6VrKHiPpPeQkNUCLhnIoe3a57pk2bpu6GP:OXw1cksHOTKIV6VrKaqJIdsDcOTMGLE

Score

10^/10

revengerat nyancatrevenge execution

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

softprodaction.duckdns.org:2018

Mutex

pHXJvbCGPPiC

Targets

- Target
  
  bec0d3342ddf6b27609bfaf195adffff_JaffaCakes118
- Size
  
  45KB
- MD5
  
  bec0d3342ddf6b27609bfaf195adffff
- SHA1
  
  f17a8e8a65bf4a2c20e61d6a86fa78221582ce87
- SHA256
  
  b95150133b363d7e6efde6c2816b904860672a31849514cfaadb9cdc784c0078
- SHA512
  
  c742488e857ebdbc63b2d215396de1dc782f37f38d2248bcdf3e272a227ccaee7d340e3aed391c6b5f0939d283bb5c68c70159d1041a9bf1a3c689186153c119
- SSDEEP
  
  384:hqjAwRiFS+KgOT6UpEK2UEuXXOTKIV6VrKHiPpPeQkNUCLhnIoe3a57pk2bpu6GP:OXw1cksHOTKIV6VrKaqJIdsDcOTMGLE
Score

3^/10

execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

nyancatrevengerevengerat

behavioral1

behavioral2