revengerat | b56c7eb4bc0fb792543e4e52056922151cb34a96d948c0ae576f995916ab846c | Triage

Submit
Reports

Overview

overview

Static

static

3

36c1d1f6b1...51.exe

windows7-x64

36c1d1f6b1...51.exe

windows10-2004-x64

Sharing

General

Target

36c1d1f6b1379323dbce4fd7c1877451
Size

374KB
Sample

231231-p3ah3sedh4
MD5

36c1d1f6b1379323dbce4fd7c1877451
SHA1

28f2fe2d0d3e503a21eb38e0f1689892c2ef6564
SHA256

b56c7eb4bc0fb792543e4e52056922151cb34a96d948c0ae576f995916ab846c
SHA512

a535626e5d4564401f17fa8dfe14bb3e2e116feb1cf7bc1f0d543b72d23f59631c08fa8201df616f8fc5b11d76b9b29dd3d46f7b60fdcfd22fd5cf616007173a
SSDEEP

6144:ZOOAs8obIAPF2iJ6s2509pQOO5tgWJ1IS+aBkDKuBZ:oC8obIAPsiJ6sF98gWJ1R+aiGaZ

Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

36c1d1f6b1379323dbce4fd7c1877451.exe

Resource

win7-20231215-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

36c1d1f6b1379323dbce4fd7c1877451.exe

Resource

win10v2004-20231222-en

zgrat persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

dontreachme.duckdns.org:3602

Mutex

774d753e6b8d42

Targets

- Target
  
  36c1d1f6b1379323dbce4fd7c1877451
- Size
  
  374KB
- MD5
  
  36c1d1f6b1379323dbce4fd7c1877451
- SHA1
  
  28f2fe2d0d3e503a21eb38e0f1689892c2ef6564
- SHA256
  
  b56c7eb4bc0fb792543e4e52056922151cb34a96d948c0ae576f995916ab846c
- SHA512
  
  a535626e5d4564401f17fa8dfe14bb3e2e116feb1cf7bc1f0d543b72d23f59631c08fa8201df616f8fc5b11d76b9b29dd3d46f7b60fdcfd22fd5cf616007173a
- SSDEEP
  
  6144:ZOOAs8obIAPF2iJ6s2509pQOO5tgWJ1IS+aBkDKuBZ:oC8obIAPsiJ6sF98gWJ1R+aiGaZ
Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan
- Detect ZGRat V1
- Modifies WinLogon for persistence
  persistence
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratzgratnyancatrevengepersistencerattrojan

behavioral2

zgratpersistencerat

© 2018-2024

Terms | Privacy