Extracted

• • Target

    17a713ee3f40af5d8379f6555a0c117b

  • Size

    32KB

  • MD5

    17a713ee3f40af5d8379f6555a0c117b

  • SHA1

    39a711b37c60b3a5c21087b5c5d579aeb43f1c02

  • SHA256

    85303c6d78b4443b9df6e374924836a19ed824e0338632353e6b939aa8cc311f

  • SHA512

    20a5010eaa1a40e70f864c0f90f25e3330af69d15a7ae57e18dc1ef39633599c2df0c84f04f29af55cb7f7358bba4d0ddeacf4cde7b63f9438e333fc8ddf610e

  • SSDEEP

    768:NeNlC9F/C01WZ2b7BJyNo3pqRVtDab3mzcDeZT:NcCv/ZhJookR0Wzcu

  Score

  10^/10

  revengeratofficestealertrojanpersistence

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2