General
-
Target
0baae90140666a166ba4c9afd6aeba63_JaffaCakes118
-
Size
286KB
-
Sample
240501-ngtt6adf51
-
MD5
0baae90140666a166ba4c9afd6aeba63
-
SHA1
9bf0a78c3315231157c930e2b082bcc08595c540
-
SHA256
5be79745fe75b92b558cbada1db58a6df377e6498268aedde474ec4546994a36
-
SHA512
62c4968871594177f02b357221b3bf7ee2bd684c0f762c7227520ad799699c42d5f2ef26553a0da879f7c497cd15ffd2b95b9e31ddd7d04b9af74e7f6b738089
-
SSDEEP
3072:X8ZCsmsR3IqCIHLl75z4sI70rcAtxu6m89132TEI6jL2TdKL9YEgIximLiJv55hE:sUUSzcWQViC9
Static task
static1
Behavioral task
behavioral1
Sample
0baae90140666a166ba4c9afd6aeba63_JaffaCakes118.js
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
0baae90140666a166ba4c9afd6aeba63_JaffaCakes118.js
Resource
win10v2004-20240419-en
Malware Config
Extracted
revengerat
Targets
-
-
Target
0baae90140666a166ba4c9afd6aeba63_JaffaCakes118
-
Score
10/10
-
RevengeRat Executable
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-