General
-
Target
84a4cb98d7bce223019fe142191dc5af_JaffaCakes118
-
Size
944KB
-
Sample
240402-fx3g8she2t
-
MD5
84a4cb98d7bce223019fe142191dc5af
-
SHA1
63386615792f409bf3cbcc78c2a53ae1438bc5ea
-
SHA256
db68ffa236dd34fb3c092e3b76b511bc16bbc0451c23a4e0a2083b6e744a5f4b
-
SHA512
1f7b06b720d424782bc31f554e33a6b80f9451076047540bc6744aa2a802824a9c73577f748f6d808195ddaa3354022d8e7ad61b814bd859036ce1944d2d1b32
-
SSDEEP
12288:gCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaH7nhEJes3P:gCdxte/80jYLT3U1jfsWabncesOCKlQ
Malware Config
Extracted
revengerat
Guest
ournewcompany2.hopto.org:333
RV_MUTEX
Targets
-
-
Target
84a4cb98d7bce223019fe142191dc5af_JaffaCakes118
-
Size
944KB
-
MD5
84a4cb98d7bce223019fe142191dc5af
-
SHA1
63386615792f409bf3cbcc78c2a53ae1438bc5ea
-
SHA256
db68ffa236dd34fb3c092e3b76b511bc16bbc0451c23a4e0a2083b6e744a5f4b
-
SHA512
1f7b06b720d424782bc31f554e33a6b80f9451076047540bc6744aa2a802824a9c73577f748f6d808195ddaa3354022d8e7ad61b814bd859036ce1944d2d1b32
-
SSDEEP
12288:gCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaH7nhEJes3P:gCdxte/80jYLT3U1jfsWabncesOCKlQ
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-