revengerat | 55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847 | Triage

Analysis

max time kernel
150s
max time network
162s
platform
windows7_x64
resource
win7-20220414-en
submitted
02-05-2022 15:02

Sharing

Report Analysis Logs

General

Target

55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe
Size

74KB
MD5

5cfa23e4a78c8277c7d1329aa64e7db6
SHA1

ca985c39937eb19997cdfc450c3c83a9dc804a61
SHA256

55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847
SHA512

9eb5848e347d217f5eafdaa576e9e02bbcd6341663b70aba96a71503c400714ec84bc2c95fd3df32a183f8f7bf1028702d38f8f1a3d2f4b90a2164ab2e3d119f

Score

10^/10

revengerat nyancatrevenge trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

79.134.225.88:2222

Mutex

286f973cd74a49

Signatures

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe

description pid process

Token: SeDebugPrivilege 1656 55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe

C:\Users\Admin\AppData\Local\Temp\55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe
"C:\Users\Admin\AppData\Local\Temp\55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-54-0x0000000000020000-0x0000000000038000-memory.dmp

Filesize
96KB

Download
memory/1656-55-0x000007FEFC1F1000-0x000007FEFC1F3000-memory.dmp

Filesize
8KB

Download
memory/1656-56-0x00000000001A0000-0x00000000001AA000-memory.dmp

Filesize
40KB

Download