revengerat

Sharing

Copy URL

Twitter E-mail

General

Target

SendBlaster Pro Edition v4.4.2 Full Activated.zip
Size

43.1MB
Sample

250115-ajdn3atpht
MD5

b1eb24d60ee31ae7f3416d3246b39755
SHA1

277cbc5f5ce0596f6532ed189c64322b2d35fa74
SHA256

d5b1ac3b25761e72ce3213775a37d41505c4cd1adf2f4c25fc806efb04f0500f
SHA512

0ac65cc84dfb685a6169da31bbc8335a2d7c6a22980e4a3856e829209c3c157c30ec2cec0a649bc6b80ae2ee8d29dd89e37fc205f266e40d3d9784b9a1a9550b
SSDEEP

786432:ItpOGxY7c2ps+KjC43AG5lwvbZOF2m9wnJXwTUO72bnsSQ0PEldBF:0pY7ckb831Uzc2m9wnJATKl1kd/

Score

10^/10

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

amazon.capeturk.com:100

Mutex

eea5a83186824927836

Targets

- Target
  
  SendBlaster Pro Edition v4.4.2 Full Activated.zip
- Size
  
  43.1MB
- MD5
  
  b1eb24d60ee31ae7f3416d3246b39755
- SHA1
  
  277cbc5f5ce0596f6532ed189c64322b2d35fa74
- SHA256
  
  d5b1ac3b25761e72ce3213775a37d41505c4cd1adf2f4c25fc806efb04f0500f
- SHA512
  
  0ac65cc84dfb685a6169da31bbc8335a2d7c6a22980e4a3856e829209c3c157c30ec2cec0a649bc6b80ae2ee8d29dd89e37fc205f266e40d3d9784b9a1a9550b
- SSDEEP
  
  786432:ItpOGxY7c2ps+KjC43AG5lwvbZOF2m9wnJXwTUO72bnsSQ0PEldBF:0pY7ckb831Uzc2m9wnJATKl1kd/
Score

10^/10

revengerat nyancatrevenge discovery persistence trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  Password.txt
- Size
  
  79B
- MD5
  
  2e0a168682fadf1654cb2068cf326d51
- SHA1
  
  36c61dafe8a7134614f94e047781b1938163050e
- SHA256
  
  883b28febe1e0fbe99cc3b085b7ccdaa840609566026718775c547085f4e8fa0
- SHA512
  
  2d07c3737d09d7b92e4760018bd499050e30cef3a8fdd2c3ce4236b9183e3f50346f693fb3aa4f940028a42f6fdb643ba9b655df44d11d56b12ca368b617304c
Score

1^/10
behavioral3 behavioral4
- Target
  
  SendBlaster Pro Edition v4.4.2 Full Activated/Crack/Keys.txt
- Size
  
  322B
- MD5
  
  c2a1f4cd3be4a6f1dcb0f94507a774bf
- SHA1
  
  10e27dc146b73d496e88554ce27622512986106c
- SHA256
  
  25d912d729d3705e5cc76e66399315a2e37c1a115a1d42968504c468dd20e33f
- SHA512
  
  5ce4742692a6702970a620236bb1e8ae15b89a8a96ea04af0943b443dbecfb30bcba5e224450fd9b1e7e6d10325adf8ec632e860329f0d34b3aad0a33cb41394
Score

1^/10
behavioral5 behavioral6
- Target
  
  SendBlaster Pro Edition v4.4.2 Full Activated/Crack/sendblaster4.exe
- Size
  
  13.3MB
- MD5
  
  e63d295971421b43438fca8b151f6a9a
- SHA1
  
  b55ee9c37a573a340407c6bf2f9cb774bf2e9efb
- SHA256
  
  2b0da63ac42341947e4cd3d328ea1944ad48ae14f909477933c7efcd4a3f2e64
- SHA512
  
  3dddf727b9e39e7f389852718bc7f4e395c09e8e5a509dd2ae432cad8fd3e85dee9354017add79a82f907efbf3ee6ed043f8648b9db88eb3425e668a5ef36fa0
- SSDEEP
  
  196608:wHrj7m3bLra9IhegWH4Ix9ScNJ/pv4470YvBc3WMH+OQEomT0FtO39at:wHr3mzlGd9
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  SendBlaster Pro Edition v4.4.2 Full Activated/Readme.txt
- Size
  
  170B
- MD5
  
  640fabc9199e83873e36ce89b8f922bf
- SHA1
  
  e925027f8bbb0afe6f4205b1a64ea84149c7bcc4
- SHA256
  
  caece8822822c0c3b63c95d45ab24a19167004bddaa8740090ab336bd7d1cf8a
- SHA512
  
  78cc942bb20f883bb73459b6db651711ffef289dd43a87cf0084ef331779881a200ea4f9f1a6197e61755b969bcfdef663512447f38fa4c4e783ed37f8743aca
Score

1^/10
behavioral10 behavioral9
- Target
  
  SendBlaster Pro Edition v4.4.2 Full Activated/Sendblaster Setup.exe
- Size
  
  44.6MB
- MD5
  
  227915d05ebba701f451ddff34341f8a
- SHA1
  
  f7f1b90626a41b86c170df89a8734e57b5b1c364
- SHA256
  
  90a768fd29d2852b719938bb18a0727889a44793cbf64ea77498124746fd6f7d
- SHA512
  
  1cb6a6680dacc2960574b10f7e9c6c27e735daa38ff5b4e8b7cba2f817770c2d45971be33b42a6ee2ea839cc16be9cfbd689458c9242160912aeb1ba88f4ba0f
- SSDEEP
  
  786432:MKRjDDcwN5pfH+wVhYpePLvojtIeOSK76UVA4OUzl4DpmsIEN:3NncwcImoPLojwSeVOUpWosI
Score

10^/10

revengerat nyancatrevenge discovery persistence privilege_escalation trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral11 behavioral12