revengerat | 14a5d98a762dc78113a0a642820b7fa2fc7ff86805d1dcc1d05230de717124d2 | Triage

Submit
Reports

Overview

overview

Static

static

3

bee0b629d6...82.exe

windows7-x64

bee0b629d6...82.exe

windows10-2004-x64

Sharing

General

Target

bee0b629d62b22ded860f4b4b727aa82
Size

336KB
Sample

240310-r6ecjseg33
MD5

bee0b629d62b22ded860f4b4b727aa82
SHA1

41dfd94bb6fc44517b8bf54f0df18f75d6532ffa
SHA256

14a5d98a762dc78113a0a642820b7fa2fc7ff86805d1dcc1d05230de717124d2
SHA512

4fd5aa0fe69133a045e62b88adb301f07436f1275cdfa14d2bf97ece74f8104c67103421a16edad8b9964669f6ff6fefa24e4a06c5f147f3cc0d4b2350f090e8
SSDEEP

6144:kJRMksaJX+krFD+4taWKQRO3ORNeHEhmI0fEJI5IXJbeT/PhBSY:SMkT5+krFDar7MmI0fEJdaT/PhsY

Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bee0b629d62b22ded860f4b4b727aa82.exe

Resource

win7-20240221-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bee0b629d62b22ded860f4b4b727aa82.exe

Resource

win10v2004-20240226-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

dontreachme.duckdns.org:3602

Mutex

774d753e6b8d42

Targets

- Target
  
  bee0b629d62b22ded860f4b4b727aa82
- Size
  
  336KB
- MD5
  
  bee0b629d62b22ded860f4b4b727aa82
- SHA1
  
  41dfd94bb6fc44517b8bf54f0df18f75d6532ffa
- SHA256
  
  14a5d98a762dc78113a0a642820b7fa2fc7ff86805d1dcc1d05230de717124d2
- SHA512
  
  4fd5aa0fe69133a045e62b88adb301f07436f1275cdfa14d2bf97ece74f8104c67103421a16edad8b9964669f6ff6fefa24e4a06c5f147f3cc0d4b2350f090e8
- SSDEEP
  
  6144:kJRMksaJX+krFD+4taWKQRO3ORNeHEhmI0fEJI5IXJbeT/PhBSY:SMkT5+krFDar7MmI0fEJdaT/PhsY
Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan
- Detect ZGRat V1
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratzgratnyancatrevengepersistencerattrojan

behavioral2

revengeratzgratnyancatrevengepersistencerattrojan

© 2018-2024

Terms | Privacy