General

  • Target

    00026391087.ppam

  • Size

    27KB

  • Sample

    240827-sngkmayepn

  • MD5

    e114626af1e6f60e4e0eab0da05d01e7

  • SHA1

    b200f0ce036bb5cadce0d8d5d364413f3e7902a6

  • SHA256

    fa7701d082ff43c66e853a8cc0949bce6d2837f4190def5b75f631be0006f59a

  • SHA512

    b07441656c51355d07eca4f88b86c60b86d71397ea20c3550d4492dfcfc1949190b2bf85c7709d22c715752a54501146c57623078935e4a2bccde044a5e86a2e

  • SSDEEP

    768:VPk/BU66pEhHEZzMDbO/bZlqf4CLDu0We:VkU66KhHEZzMDCDHq4w60We

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.165.84:3333

Mutex

788bf014999d4ae8929

Targets

    • Target

      00026391087.ppam

    • Size

      27KB

    • MD5

      e114626af1e6f60e4e0eab0da05d01e7

    • SHA1

      b200f0ce036bb5cadce0d8d5d364413f3e7902a6

    • SHA256

      fa7701d082ff43c66e853a8cc0949bce6d2837f4190def5b75f631be0006f59a

    • SHA512

      b07441656c51355d07eca4f88b86c60b86d71397ea20c3550d4492dfcfc1949190b2bf85c7709d22c715752a54501146c57623078935e4a2bccde044a5e86a2e

    • SSDEEP

      768:VPk/BU66pEhHEZzMDbO/bZlqf4CLDu0We:VkU66KhHEZzMDCDHq4w60We

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks