revengerat | ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac | Triage

Submit
Reports

Overview

overview

Static

static

1

ac0f1be789...c.ppam

windows7-x64

ac0f1be789...c.ppam

windows10-2004-x64

Sharing

General

Target

ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac.ppam
Size

27KB
Sample

240828-st5jmswapk
MD5

9abe6399117db22ab034d5f0e5a10405
SHA1

dd50c7810bdb8e984abb9be6621800859080de74
SHA256

ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac
SHA512

78abc8d8e1e70087f4d3530c8797d348714c3f4f0d31fcd5e8537c71a04f466d92f647b31a6134b3b3e940dabf760e26ec9fc3d0a79cf119230e7c61a11a3a5d
SSDEEP

768:VPSyPjnMWWhFevmEnIaxMUisHSrczYGnp:Vqy7nMrFaPB+UtHSIzYGp

Score

10^/10

revengerat nyancatrevenge discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac.ppam

Resource

win7-20240708-en

revengerat nyancatrevenge discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac.ppam

Resource

win10v2004-20240802-en

revengerat nyancatrevenge discovery trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

18.228.165.84:3333

Mutex

788bf014999d4ae8929

Targets

- Target
  
  ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac.ppam
- Size
  
  27KB
- MD5
  
  9abe6399117db22ab034d5f0e5a10405
- SHA1
  
  dd50c7810bdb8e984abb9be6621800859080de74
- SHA256
  
  ac0f1be789f3f35ce6e6482c574f29bdaa51b67fb5dd868688cbc070a5128bac
- SHA512
  
  78abc8d8e1e70087f4d3530c8797d348714c3f4f0d31fcd5e8537c71a04f466d92f647b31a6134b3b3e940dabf760e26ec9fc3d0a79cf119230e7c61a11a3a5d
- SSDEEP
  
  768:VPSyPjnMWWhFevmEnIaxMUisHSrczYGnp:Vqy7nMrFaPB+UtHSIzYGp
Score

10^/10

revengerat nyancatrevenge discovery trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratnyancatrevengediscoverytrojan

behavioral2

revengeratnyancatrevengediscoverytrojan

© 2018-2024

Terms | Privacy