revengerat | 331af54ba71ddfadef016f727f23eff94389f21bad76ad302ebea09cc123cff6 | Triage

Submit
Reports

Overview

overview

Static

static

1

bfc577b39b...c.ppam

windows7-x64

bfc577b39b...c.ppam

windows10-2004-x64

Sharing

General

Target

b41de65c12f3ebc33982e3f4f7d6a869.bin
Size

10KB
Sample

240111-dz3vnsdfhr
MD5

01eb83e3968e9982ed2fb3c290412c5f
SHA1

e2af54aa77a86c28dcc5cd8eba7642bac0eec6a5
SHA256

331af54ba71ddfadef016f727f23eff94389f21bad76ad302ebea09cc123cff6
SHA512

ecffe1d99f6a73faee3434baa66d59add6041cf823b06eb2fb0c02fda656b3c235b282b0cb20ddd8cbb3d95712a211bc5bb753bf6fb3a9c5d92a4a0799ed0d5a
SSDEEP

192:lSErsfOMP+zO+5EYOTK6UG1cUQVZUZkoDzL80sdmxTnEtud2Iv5B1Xlnj:lL5e+b5O+6r1cUQbUyymdm9EEd2+1Xxj

Score

10^/10

revengerat nyancatrevenge persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

bfc577b39beb5360dcc147f0fdb15921edeaf7e1df44b6992f57f213b5efecdc.ppam

Resource

win7-20231215-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bfc577b39beb5360dcc147f0fdb15921edeaf7e1df44b6992f57f213b5efecdc.ppam

Resource

win10v2004-20231215-en

revengerat nyancatrevenge persistence trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

marcelotatuape.ddns.net:333

Mutex

7d11be66eae7

Targets

- Target
  
  bfc577b39beb5360dcc147f0fdb15921edeaf7e1df44b6992f57f213b5efecdc.ppam
- Size
  
  11KB
- MD5
  
  b41de65c12f3ebc33982e3f4f7d6a869
- SHA1
  
  f51d21035ec5527e814aaddd394944afbac5a18a
- SHA256
  
  bfc577b39beb5360dcc147f0fdb15921edeaf7e1df44b6992f57f213b5efecdc
- SHA512
  
  f8fd4932d71eff05f96beca1e2c2e4c2ef03a5f62afbccce07cc0d3b2e493c8980880ad6b4046f0c8c67f542e0f4b9ab5ee1fd72163d86663b1b1dba6853ed8d
- SSDEEP
  
  192:xrXP/x/jgjHdiswBnPKkaUgH4V0zpULuU4Z1m4z5w9kalVaI5dOVq0:dXPt8j96djazzUUZ1YZVaIPOB
Score

10^/10

revengerat nyancatrevenge persistence trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

revengeratnyancatrevengepersistencetrojan

© 2018-2024

Terms | Privacy