revengerat | 8c598c9782ffaf10ac7bd59c5a48acc267d15590eccba787b61cda62a7ea7138

Analysis

max time kernel
63s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f95564a72a16d6a4efa39278f0721ac2.exe
Size

1.0MB
MD5

f95564a72a16d6a4efa39278f0721ac2
SHA1

4e93f6849ca3717ebb3fe64f01b2384592906464
SHA256

8c598c9782ffaf10ac7bd59c5a48acc267d15590eccba787b61cda62a7ea7138
SHA512

d371acb9407680c06f8991d06046419ae0dd156e214ed6ce1062e0499caced63ddd5a323ca8176947555e2770d6ca2cccf9f2f59becc2997d8fc2a102565ea8d
SSDEEP

24576:iJjAKND1LIQgBPiXOa8tspOJy2HNyCY3rw:iJjN9IQEiXOBywmr

Score

10^/10

revengerat zgrat nyancatrevenge rat trojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

dontreachme.duckdns.org:3601

Mutex

159ffe7d99124a92baa

Signatures

Detect ZGRat V1 34 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3248-9-0x00000000063A0000-0x000000000640E000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-11-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-29-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-47-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-61-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-73-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-71-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-69-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-67-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-65-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-63-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-59-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-57-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-55-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-53-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-51-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-49-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-45-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-43-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-41-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-39-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-37-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-35-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-33-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-31-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-27-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-25-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-23-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-21-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-19-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-17-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-15-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-13-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1
behavioral2/memory/3248-10-0x00000000063A0000-0x0000000006407000-memory.dmp	family_zgrat_v1

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

f95564a72a16d6a4efa39278f0721ac2.exe

description pid process

Token: SeDebugPrivilege 3248 f95564a72a16d6a4efa39278f0721ac2.exe

description	pid	process
Token: SeDebugPrivilege	3248	f95564a72a16d6a4efa39278f0721ac2.exe

C:\Users\Admin\AppData\Local\Temp\f95564a72a16d6a4efa39278f0721ac2.exe
"C:\Users\Admin\AppData\Local\Temp\f95564a72a16d6a4efa39278f0721ac2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3248

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Xtsijkfgdndn.vbs"
2⤵
PID:372

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Local\JavaUpdate\JavaUpdate.exe'
3⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\f95564a72a16d6a4efa39278f0721ac2.exe
C:\Users\Admin\AppData\Local\Temp\f95564a72a16d6a4efa39278f0721ac2.exe
2⤵
PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3248-17-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-51-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-3-0x0000000004E60000-0x0000000004EF2000-memory.dmp

Filesize
584KB

Download
memory/3248-2-0x0000000005370000-0x0000000005914000-memory.dmp

Filesize
5.6MB

Download
memory/3248-4-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3248-5-0x0000000004DF0000-0x0000000004DFA000-memory.dmp

Filesize
40KB

Download
memory/3248-6-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3248-7-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/3248-9-0x00000000063A0000-0x000000000640E000-memory.dmp

Filesize
440KB

Download
memory/3248-11-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-29-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-47-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-61-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-73-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-71-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-69-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-67-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-65-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-63-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-59-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-57-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-55-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-53-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-15-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-49-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-717-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3248-43-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-41-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-39-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-37-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-35-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-33-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-31-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-27-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-25-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-23-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-21-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-19-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-0-0x00000000002D0000-0x00000000003D8000-memory.dmp

Filesize
1.0MB

Download
memory/3248-1-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/3248-45-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-13-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-10-0x00000000063A0000-0x0000000006407000-memory.dmp

Filesize
412KB

Download
memory/3248-8-0x0000000006120000-0x0000000006162000-memory.dmp

Filesize
264KB

Download
memory/3248-1946-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/3528-1994-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/3528-1980-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download
memory/3528-1951-0x0000000004D80000-0x00000000053A8000-memory.dmp

Filesize
6.2MB

Download
memory/3528-1952-0x0000000005530000-0x0000000005552000-memory.dmp

Filesize
136KB

Download
memory/3528-1953-0x00000000055D0000-0x0000000005636000-memory.dmp

Filesize
408KB

Download
memory/3528-1959-0x0000000005640000-0x00000000056A6000-memory.dmp

Filesize
408KB

Download
memory/3528-1964-0x00000000057F0000-0x0000000005B44000-memory.dmp

Filesize
3.3MB

Download
memory/3528-1949-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/3528-1948-0x0000000000B00000-0x0000000000B36000-memory.dmp

Filesize
216KB

Download
memory/3528-1965-0x0000000005CE0000-0x0000000005CFE000-memory.dmp

Filesize
120KB

Download
memory/3528-1966-0x0000000005D20000-0x0000000005D6C000-memory.dmp

Filesize
304KB

Download
memory/3528-1986-0x0000000007290000-0x0000000007326000-memory.dmp

Filesize
600KB

Download
memory/3528-1969-0x0000000070BE0000-0x0000000070C2C000-memory.dmp

Filesize
304KB

Download
memory/3528-1982-0x0000000006EF0000-0x0000000006F93000-memory.dmp

Filesize
652KB

Download
memory/3528-1981-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download
memory/3528-1950-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download
memory/3528-1984-0x0000000007010000-0x000000000702A000-memory.dmp

Filesize
104KB

Download
memory/3528-1985-0x0000000007080000-0x000000000708A000-memory.dmp

Filesize
40KB

Download
memory/3528-1983-0x0000000007650000-0x0000000007CCA000-memory.dmp

Filesize
6.5MB

Download
memory/3528-1979-0x00000000062B0000-0x00000000062CE000-memory.dmp

Filesize
120KB

Download
memory/3528-1990-0x0000000007350000-0x000000000736A000-memory.dmp

Filesize
104KB

Download
memory/3528-1968-0x0000000006EB0000-0x0000000006EE2000-memory.dmp

Filesize
200KB

Download
memory/3528-1987-0x0000000007210000-0x0000000007221000-memory.dmp

Filesize
68KB

Download
memory/3528-1967-0x000000007F160000-0x000000007F170000-memory.dmp

Filesize
64KB

Download
memory/3528-1989-0x0000000007250000-0x0000000007264000-memory.dmp

Filesize
80KB

Download
memory/3528-1988-0x0000000007240000-0x000000000724E000-memory.dmp

Filesize
56KB

Download
memory/3528-1991-0x0000000007330000-0x0000000007338000-memory.dmp

Filesize
32KB

Download
memory/4544-1947-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4544-1945-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/4544-1995-0x0000000005470000-0x0000000005480000-memory.dmp

Filesize
64KB

Download
memory/4544-1996-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/4544-1997-0x0000000005470000-0x0000000005480000-memory.dmp

Filesize
64KB

Download