General

  • Target

    1c0a7f25e19c3960d6c4232ca30cc001_JaffaCakes118

  • Size

    668KB

  • Sample

    240329-h6r4zacc4x

  • MD5

    1c0a7f25e19c3960d6c4232ca30cc001

  • SHA1

    4edac8c3ea34f5c3a30b322fcc69b09d5070c1bf

  • SHA256

    34771014ef13f70caa589a056e330cff3b1617443a9224ec3d5402ef0d88bb48

  • SHA512

    fae64d8858029991bc95d3bb6195d2f694e4c4c59c2c6cbcc25149deaa54a5cc1ce19e1db1bf4abe29c6a43940c5d6c02e6f499098a6ef791182185432d4938c

  • SSDEEP

    12288:60vu6BkozKslNh7Uw0tiIZE9jojSC1U2NhZdP6N0f98LWrIzH:60vu3sHhA4IZYjojJNhZdP9GWrIz

Targets

    • Target

      1c0a7f25e19c3960d6c4232ca30cc001_JaffaCakes118

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
