revengerat | fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65

General

Target

fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
Size

556KB
MD5

5dac4954e8c9d4415b14e0e80fc1b409
SHA1

324235096176442eead12015467597c175f1b002
SHA256

fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65
SHA512

ffdb33904be0297e97bd29b0e83a2a0ba9c2952219e8364edaf420cf8d3ae61ffc017e17b53f1acac3d57448715c5c6fc59adef6b127408493ac308b94ffe662

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

github-58677.portmap.io:58677

Mutex

d9b2ac78f4944456

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat

Suspicious use of SetThreadContext 1 IoCs

Processes:

fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe

description	pid	process	target process
PID 1556 set thread context of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe

description	pid	process	target process
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 1556 wrote to memory of 1140	1556	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe

C:\Users\Admin\AppData\Local\Temp\fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
"C:\Users\Admin\AppData\Local\Temp\fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1556

C:\Users\Admin\AppData\Local\Temp\fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
"C:\Users\Admin\AppData\Local\Temp\fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe"
2⤵
PID:1140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1140-68-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1140-58-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1140-60-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1140-62-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1140-64-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1140-66-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1140-70-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1140-71-0x0000000074620000-0x0000000074D0E000-memory.dmp

Filesize
6.9MB

Download
memory/1140-72-0x00000000043A0000-0x00000000043A1000-memory.dmp

Filesize
4KB

Download
memory/1556-55-0x0000000000E60000-0x0000000000EF2000-memory.dmp

Filesize
584KB

Download
memory/1556-56-0x0000000000E10000-0x0000000000E11000-memory.dmp

Filesize
4KB

Download
memory/1556-57-0x0000000000440000-0x0000000000448000-memory.dmp

Filesize
32KB

Download
memory/1556-54-0x0000000074620000-0x0000000074D0E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing