revengerat | 7c51bf36e62d3094d2854fa3597c42c3cae7adffb3bb30bb95e6f38beff12cbc | Triage

Submit
Reports

Overview

overview

Static

static

3

b425db5faa...78.exe

windows7-x64

b425db5faa...78.exe

windows10-2004-x64

Sharing

General

Target

b425db5faaff29191253707b4d495278
Size

3.8MB
Sample

240305-jddxbaae54
MD5

b425db5faaff29191253707b4d495278
SHA1

8c0abed7ec34769df754d0a96c36f304818a13a1
SHA256

7c51bf36e62d3094d2854fa3597c42c3cae7adffb3bb30bb95e6f38beff12cbc
SHA512

031b0a0e6f7be82792f4bbfebd9b59381317983a9efca3e601062937e67938c20935e98bbe75c35d8354055b8335959a73c87ee32102886d6e16b0dca0774b88
SSDEEP

98304:zmgSCO/UvjQwggy1zQjeIwMM46TVI9m6Pg:6gSCOAUw/y1zUewMxI9m6Pg

Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b425db5faaff29191253707b4d495278.exe

Resource

win7-20240221-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b425db5faaff29191253707b4d495278.exe

Resource

win10v2004-20240226-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

dontreachme.duckdns.org:3601

Mutex

159ffe7d99124a92baa

Targets

- Target
  
  b425db5faaff29191253707b4d495278
- Size
  
  3.8MB
- MD5
  
  b425db5faaff29191253707b4d495278
- SHA1
  
  8c0abed7ec34769df754d0a96c36f304818a13a1
- SHA256
  
  7c51bf36e62d3094d2854fa3597c42c3cae7adffb3bb30bb95e6f38beff12cbc
- SHA512
  
  031b0a0e6f7be82792f4bbfebd9b59381317983a9efca3e601062937e67938c20935e98bbe75c35d8354055b8335959a73c87ee32102886d6e16b0dca0774b88
- SSDEEP
  
  98304:zmgSCO/UvjQwggy1zQjeIwMM46TVI9m6Pg:6gSCOAUw/y1zUewMxI9m6Pg
Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan
- Detect ZGRat V1
- Modifies WinLogon for persistence
  persistence
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratzgratnyancatrevengepersistencerattrojan

behavioral2

revengeratzgratnyancatrevengepersistencerattrojan

© 2018-2024

Terms | Privacy