revengerat | 8957c7ce7669809a7e22b017f87fefdbfe89caa099b036048019511a5bbc4cb3 | Triage

Submit
Reports

Overview

overview

Static

static

3

b202ec278b...ca.exe

windows7-x64

b202ec278b...ca.exe

windows10-2004-x64

Sharing

General

Target

b202ec278be8a5387bac531813f482ca
Size

1.6MB
Sample

240304-nkw4paab52
MD5

b202ec278be8a5387bac531813f482ca
SHA1

772a8ea7f4671d6138701bde80bc50f7f4c3c128
SHA256

8957c7ce7669809a7e22b017f87fefdbfe89caa099b036048019511a5bbc4cb3
SHA512

de51589f8417bc41effccaf4e43f760f898139efbd42eb5aa1c66d3332cedcd664a10df831d09333631dc9682e3bcf850f6978315ba991b5a699c07582b00ace
SSDEEP

24576:tv+4z/kMXYP7I+/qF9fLueyyCgo0N4+47KTQJWs9h4aDiW5FRkTZRM4F:7oP7t/CH7o0N4+ZkJ2aDiIFoZRT

Score

10^/10

revengerat zgrat nyancatrevenge rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b202ec278be8a5387bac531813f482ca.exe

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b202ec278be8a5387bac531813f482ca.exe

Resource

win10v2004-20240226-en

revengerat zgrat nyancatrevenge rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

dontreachme.duckdns.org:3602

Mutex

774d753e6b8d42

Targets

- Target
  
  b202ec278be8a5387bac531813f482ca
- Size
  
  1.6MB
- MD5
  
  b202ec278be8a5387bac531813f482ca
- SHA1
  
  772a8ea7f4671d6138701bde80bc50f7f4c3c128
- SHA256
  
  8957c7ce7669809a7e22b017f87fefdbfe89caa099b036048019511a5bbc4cb3
- SHA512
  
  de51589f8417bc41effccaf4e43f760f898139efbd42eb5aa1c66d3332cedcd664a10df831d09333631dc9682e3bcf850f6978315ba991b5a699c07582b00ace
- SSDEEP
  
  24576:tv+4z/kMXYP7I+/qF9fLueyyCgo0N4+47KTQJWs9h4aDiW5FRkTZRM4F:7oP7t/CH7o0N4+ZkJ2aDiIFoZRT
Score

10^/10

zgrat rat revengerat nyancatrevenge trojan
- Detect ZGRat V1
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

revengeratzgratnyancatrevengerattrojan

© 2018-2024

Terms | Privacy