General

  • Target: cd1c1ef1ce2641a72af51aca4e79f948f3f04ca5d5571f970eb6b51ff8a9f998.ppam
  • Size: 23KB
  • Sample: 240828-crzyda1ekh
  • MD5: 79d4a100a004c833d0b39729928e682a
  • SHA1: d736bfbf63c900f4589ad2bdcdbe32dcec92782a
  • SHA256: cd1c1ef1ce2641a72af51aca4e79f948f3f04ca5d5571f970eb6b51ff8a9f998
  • SHA512: 34140113cc40c374f3bafff7efaf366e1b99d821b36533eb9ab470df601a2e22e7f2cbef50803aece7d26ab6e36f913a9b69c21cc193b400d77e4aabd754471b
  • SSDEEP: 384:dXP0EFoPvVYuAGxSD4FOSY6nk7fQ/9aQpQy0Y7hn1JphgRazq3983hEdKm5e/Df4:VP0EFoPNYuALkXk7fQ/9/b0g1Vwv3yhs

Malware Config

Extracted

  • Family: revengerat
  • Botnet: NyanCatRevenge
  • C2: 18.228.165.84:3333
  • Mutex: 788bf014999d4ae8929

Targets

    • Target: cd1c1ef1ce2641a72af51aca4e79f948f3f04ca5d5571f970eb6b51ff8a9f998.ppam

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • RevengeRAT
      Remote-access trojan with a wide range of capabilities.
    • Blocklisted process makes network request
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks