revengerat | fc0a96e635fa296eedf0e58cd84ec60e267dd5008e6129449ed62993e00c2e38 | Triage

Submit
Reports

Overview

overview

Static

static

1

fc0a96e635...8.ppam

windows7-x64

fc0a96e635...8.ppam

windows10-2004-x64

Sharing

General

Target

fc0a96e635fa296eedf0e58cd84ec60e267dd5008e6129449ed62993e00c2e38.ppam
Size

23KB
Sample

240828-c1wbjstbnr
MD5

855e7ea279a05bb5fa3551d56a830a1b
SHA1

a22cda2ccd4a95a8ccd1510d2f2e7f3d7111d0ae
SHA256

fc0a96e635fa296eedf0e58cd84ec60e267dd5008e6129449ed62993e00c2e38
SHA512

0e8e722ff0f703f74712a79cf4d156ebd1cf5c6731c07589965b058641881e75765b324d29cec1b11b07e88e7080b644d030ece1faaa8675607d462cceb63e8f
SSDEEP

384:dXPcqNJ0PQPGKRrznsrD9t9WrXcuikodj6WG6XRV+7AkmgcsdzJY9t9rqrw13rtr:VPc8GK9n49KDcPkmODMw71msfYVrhBV

Score

10^/10

revengerat nyancatrevenge discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

fc0a96e635fa296eedf0e58cd84ec60e267dd5008e6129449ed62993e00c2e38.ppam

Resource

win7-20240704-en

revengerat nyancatrevenge discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc0a96e635fa296eedf0e58cd84ec60e267dd5008e6129449ed62993e00c2e38.ppam

Resource

win10v2004-20240802-en

revengerat nyancatrevenge discovery trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.165.84:3333

Mutex

788bf014999d4ae8929

Targets

- Target
  
  fc0a96e635fa296eedf0e58cd84ec60e267dd5008e6129449ed62993e00c2e38.ppam
- Size
  
  23KB
- MD5
  
  855e7ea279a05bb5fa3551d56a830a1b
- SHA1
  
  a22cda2ccd4a95a8ccd1510d2f2e7f3d7111d0ae
- SHA256
  
  fc0a96e635fa296eedf0e58cd84ec60e267dd5008e6129449ed62993e00c2e38
- SHA512
  
  0e8e722ff0f703f74712a79cf4d156ebd1cf5c6731c07589965b058641881e75765b324d29cec1b11b07e88e7080b644d030ece1faaa8675607d462cceb63e8f
- SSDEEP
  
  384:dXPcqNJ0PQPGKRrznsrD9t9WrXcuikodj6WG6XRV+7AkmgcsdzJY9t9rqrw13rtr:VPc8GK9n49KDcPkmODMw71msfYVrhBV
Score

10^/10

revengerat nyancatrevenge discovery trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengediscoverytrojan

behavioral2

revengeratnyancatrevengediscoverytrojan

© 2018-2024

Terms | Privacy