General

  • Target

    26082024_0930_Documentacao e embarque.ppam

  • Size

    28KB

  • Sample

    240826-lgv14sycml

  • MD5

    611017e71f6a61eed28e687918d303a2

  • SHA1

    a1fd8915e3acecc84bf6d2e03f069d2670d9c52a

  • SHA256

    3ecc5f6014a056385e0c479b9eae55465faebf46232c1ee69c33dfd74618e1a1

  • SHA512

    53dc0e4561f78ef7c2f9fc0fea54efe1776face2df3b1df1a94d9164917647d08ad8304b2706c0fba00443afa745612a1c4f2fa1be3762ecd146d2566ae17061

  • SSDEEP

    768:VP6H0wZxRDNiAbnHPyULqU4Qq/wiGyLcSyd:VyNp0WnvyULqU4Qq/wXHSyd

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    NyanCatRevenge

  • C2

    18.228.165.84:3333

  • Mutex

    788bf014999d4ae8929

Targets

    • Target

      26082024_0930_Documentacao e embarque.ppam

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
