General

  • Target

    7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2.ppam

  • Size

    27KB

  • Sample

    240828-smwcdsvgmn

  • MD5

    c3313364d3a12339eb5f77410bb0a31a

  • SHA1

    a496f4f079f45ccef67715a51a2ad8185fee9ce3

  • SHA256

    7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2

  • SHA512

    2337e7996a67a60c8ba679167a20bccb82a334eaf88d85e5dc7486125809acbebf6772ff1cf439a95cb01c0afa5d460b804fe3cc3174f76305b3cde946bddd2c

  • SSDEEP

    768:VPc2teKCz5J61JLDgJOabcssG8bKR8QJTkM5xRh:VO36XL9abcskE5x/

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.165.84:3333

Mutex

788bf014999d4ae8929

Targets

    • Target

      7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2.ppam

    • Size

      27KB

    • MD5

      c3313364d3a12339eb5f77410bb0a31a

    • SHA1

      a496f4f079f45ccef67715a51a2ad8185fee9ce3

    • SHA256

      7d0497c05e8d919fec5641334cbfd638b10e23674e04abbd71df4556917861d2

    • SHA512

      2337e7996a67a60c8ba679167a20bccb82a334eaf88d85e5dc7486125809acbebf6772ff1cf439a95cb01c0afa5d460b804fe3cc3174f76305b3cde946bddd2c

    • SSDEEP

      768:VPc2teKCz5J61JLDgJOabcssG8bKR8QJTkM5xRh:VO36XL9abcskE5x/

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks