revengerat | 7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2 | Triage

Submit
Reports

Overview

overview

Static

static

1

7d0497c05e...2.ppam

windows7-x64

7d0497c05e...2.ppam

windows10-2004-x64

Sharing

General

Target

7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2.ppam
Size

27KB
Sample

240828-cbbkvazgra
MD5

c3313364d3a12339eb5f77410bb0a31a
SHA1

a496f4f079f45ccef67715a51a2ad8185fee9ce3
SHA256

7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2
SHA512

2337e7996a67a60c8ba679167a20bccb82a334eaf88d85e5dc7486125809acbebf6772ff1cf439a95cb01c0afa5d460b804fe3cc3174f76305b3cde946bddd2c
SSDEEP

768:VPc2teKCz5J61JLDgJOabcssG8bKR8QJTkM5xRh:VO36XL9abcskE5x/

Score

10^/10

revengerat nyancatrevenge discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2.ppam

Resource

win7-20240708-en

revengerat nyancatrevenge discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2.ppam

Resource

win10v2004-20240802-en

revengerat nyancatrevenge discovery trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.165.84:3333

Mutex

788bf014999d4ae8929

Targets

- Target
  
  7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2.ppam
- Size
  
  27KB
- MD5
  
  c3313364d3a12339eb5f77410bb0a31a
- SHA1
  
  a496f4f079f45ccef67715a51a2ad8185fee9ce3
- SHA256
  
  7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2
- SHA512
  
  2337e7996a67a60c8ba679167a20bccb82a334eaf88d85e5dc7486125809acbebf6772ff1cf439a95cb01c0afa5d460b804fe3cc3174f76305b3cde946bddd2c
- SSDEEP
  
  768:VPc2teKCz5J61JLDgJOabcssG8bKR8QJTkM5xRh:VO36XL9abcskE5x/
Score

10^/10

revengerat nyancatrevenge discovery trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengediscoverytrojan

behavioral2

revengeratnyancatrevengediscoverytrojan

© 2018-2024

Terms | Privacy