Overview

overview

10

Static

static

b2bd3de3e5...bb.exe

windows7_x64

10

b2bd3de3e5...bb.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb

  • Size

    166KB

  • Sample

    201110-hjl78mwj2a

  • MD5

    30168bc8ecd55affc43b224091c6945f

  • SHA1

    e5cdc65b57a027d7123307ecaf12031bb789aed7

  • SHA256

    b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb

  • SHA512

    60650f2779128ef54d648dbf8e83b5ed079aef99f23df5a29ec50e3672793e8a103214f03af4d74e132aa35cc099aab5eaa4f8e0a76f0878f591470f7bafb138

Score
10/10
revengeratnyancatrevengeevasionpersistencetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

hpdndbnb.duckdns.org:2404

Mutex

90a49aa7c27647e

Targets

    • Target

      b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb

    • Size

      166KB

    • MD5

      30168bc8ecd55affc43b224091c6945f

    • SHA1

      e5cdc65b57a027d7123307ecaf12031bb789aed7

    • SHA256

      b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb

    • SHA512

      60650f2779128ef54d648dbf8e83b5ed079aef99f23df5a29ec50e3672793e8a103214f03af4d74e132aa35cc099aab5eaa4f8e0a76f0878f591470f7bafb138

    Score
    10/10
    revengeratnyancatrevengeevasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Turns off Windows Defender SpyNet reporting

      evasion

    • Windows security bypass

      evasiontrojan

    • Drops startup file

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Disabling Security Tools

4
T1089

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks