General

  • Target

    OmnibeesReservas_2022067095.ppam

  • Size

    27KB

  • Sample

    240827-sngkmaxbkh

  • MD5

    9abe6399117db22ab034d5f0e5a10405

  • SHA1

    dd50c7810bdb8e984abb9be6621800859080de74

  • SHA256

    ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac

  • SHA512

    78abc8d8e1e70087f4d3530c8797d348714c3f4f0d31fcd5e8537c71a04f466d92f647b31a6134b3b3e940dabf760e26ec9fc3d0a79cf119230e7c61a11a3a5d

  • SSDEEP

    768:VPSyPjnMWWhFevmEnIaxMUisHSrczYGnp:Vqy7nMrFaPB+UtHSIzYGp

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.165.84:3333

Mutex

788bf014999d4ae8929

Targets

    • Target

      OmnibeesReservas_2022067095.ppam

    • Size

      27KB

    • MD5

      9abe6399117db22ab034d5f0e5a10405

    • SHA1

      dd50c7810bdb8e984abb9be6621800859080de74

    • SHA256

      ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac

    • SHA512

      78abc8d8e1e70087f4d3530c8797d348714c3f4f0d31fcd5e8537c71a04f466d92f647b31a6134b3b3e940dabf760e26ec9fc3d0a79cf119230e7c61a11a3a5d

    • SSDEEP

      768:VPSyPjnMWWhFevmEnIaxMUisHSrczYGnp:Vqy7nMrFaPB+UtHSIzYGp

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks