revengerat | 8c598c9782ffaf10ac7bd59c5a48acc267d15590eccba787b61cda62a7ea7138 | Triage

Submit
Reports

Overview

overview

Static

static

3

f95564a72a...18.exe

windows7-x64

f95564a72a...18.exe

windows10-2004-x64

Sharing

General

Target

f95564a72a16d6a4efa39278f0721ac2_JaffaCakes118
Size

1.0MB
Sample

240419-c9bnhaff5t
MD5

f95564a72a16d6a4efa39278f0721ac2
SHA1

4e93f6849ca3717ebb3fe64f01b2384592906464
SHA256

8c598c9782ffaf10ac7bd59c5a48acc267d15590eccba787b61cda62a7ea7138
SHA512

d371acb9407680c06f8991d06046419ae0dd156e214ed6ce1062e0499caced63ddd5a323ca8176947555e2770d6ca2cccf9f2f59becc2997d8fc2a102565ea8d
SSDEEP

24576:iJjAKND1LIQgBPiXOa8tspOJy2HNyCY3rw:iJjN9IQEiXOBywmr

Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f95564a72a16d6a4efa39278f0721ac2_JaffaCakes118.exe

Resource

win7-20240221-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f95564a72a16d6a4efa39278f0721ac2_JaffaCakes118.exe

Resource

win10v2004-20240412-en

revengerat zgrat nyancatrevenge persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

dontreachme.duckdns.org:3601

Mutex

159ffe7d99124a92baa

Targets

- Target
  
  f95564a72a16d6a4efa39278f0721ac2_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  f95564a72a16d6a4efa39278f0721ac2
- SHA1
  
  4e93f6849ca3717ebb3fe64f01b2384592906464
- SHA256
  
  8c598c9782ffaf10ac7bd59c5a48acc267d15590eccba787b61cda62a7ea7138
- SHA512
  
  d371acb9407680c06f8991d06046419ae0dd156e214ed6ce1062e0499caced63ddd5a323ca8176947555e2770d6ca2cccf9f2f59becc2997d8fc2a102565ea8d
- SSDEEP
  
  24576:iJjAKND1LIQgBPiXOa8tspOJy2HNyCY3rw:iJjN9IQEiXOBywmr
Score

10^/10

revengerat zgrat nyancatrevenge persistence rat trojan
- Detect ZGRat V1
- Modifies WinLogon for persistence
  persistence
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

revengeratzgratnyancatrevengepersistencerattrojan

behavioral2

revengeratzgratnyancatrevengepersistencerattrojan

© 2018-2024

Terms | Privacy