revengerat | 8a62013424695bf95dea19f504de1636f2093be8b27c3f314b2daf617b00ec1d | Triage

Submit
Reports

Overview

overview

Static

static

3

8370e6258d...ab.exe

windows7-x64

8370e6258d...ab.exe

windows10-2004-x64

Resubmissions

06-02-2024 17:01

240206-vjm8qabeh3 10

31-01-2024 04:26

240131-e2kbsabeh3 10

Sharing

General

Target

8370e6258d17dbbf8e9f4f3dced934ab
Size

465KB
Sample

240131-e2kbsabeh3
MD5

8370e6258d17dbbf8e9f4f3dced934ab
SHA1

0a276283e3784d2d5443deee623fc1ed29ae21d4
SHA256

8a62013424695bf95dea19f504de1636f2093be8b27c3f314b2daf617b00ec1d
SHA512

46b70138cc34405df1a4f716064e137ba7b1f69f178de9a1988e63734fe21d066c4f3a4818676ca7e8df720086446db94b59c5fd0bacfb07cc8c72b635f2b014
SSDEEP

6144:GhzpyQ/Hr2KeDYdk495R+2rbjUR0oXFL9P2XYtJkWDGDS9Jo4IZNW8u2wND8:GdF/HRly4rnrbCLMXYXDGAJoT2T/I

Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8370e6258d17dbbf8e9f4f3dced934ab.exe

Resource

win7-20231129-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

8370e6258d17dbbf8e9f4f3dced934ab.exe

Resource

win10v2004-20231215-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

dontreachme.duckdns.org:3602

Mutex

774d753e6b8d42

Targets

- Target
  
  8370e6258d17dbbf8e9f4f3dced934ab
- Size
  
  465KB
- MD5
  
  8370e6258d17dbbf8e9f4f3dced934ab
- SHA1
  
  0a276283e3784d2d5443deee623fc1ed29ae21d4
- SHA256
  
  8a62013424695bf95dea19f504de1636f2093be8b27c3f314b2daf617b00ec1d
- SHA512
  
  46b70138cc34405df1a4f716064e137ba7b1f69f178de9a1988e63734fe21d066c4f3a4818676ca7e8df720086446db94b59c5fd0bacfb07cc8c72b635f2b014
- SSDEEP
  
  6144:GhzpyQ/Hr2KeDYdk495R+2rbjUR0oXFL9P2XYtJkWDGDS9Jo4IZNW8u2wND8:GdF/HRly4rnrbCLMXYXDGAJoT2T/I
Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan
- Detect ZGRat V1
- Modifies WinLogon for persistence
  persistence
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratzgratnyancatrevengepersistencerattrojan

behavioral2

revengeratzgratnyancatrevengepersistencerattrojan

© 2018-2024

Terms | Privacy