Overview

overview

10

Static

static

10

82c482f8af...18.exe

windows7-x64

10

82c482f8af...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82c482f8af3d699aeb51034dc506cd1c_JaffaCakes118

  • Size

    56KB

  • Sample

    240530-czd1wabc7y

  • MD5

    82c482f8af3d699aeb51034dc506cd1c

  • SHA1

    1c65ce6be62627ee36db9c1b1d912297e6f99abe

  • SHA256

    e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3

  • SHA512

    6f55468830a5fa9fdf30d12300e3fe71ce9ff48f3ebc1d261d2ef50579b0b1aef4b3aff3cf7b337cf92b9b18bc1fe0de9cc9166fa40f5136dfb7151e0fe62899

  • SSDEEP

    768:Bs+U4zL+fRTtmqOE1UpUrz5bLLgwernMqxNTzFNBvKKU1RkWEy7mELj2T0p:I4PCbOE1UpUn5TextFNlbU1RkUmEt

Score
10/10
revengeratpersistencestealertrojan

Malware Config

Targets

    • Target

      82c482f8af3d699aeb51034dc506cd1c_JaffaCakes118

    • Size

      56KB

    • MD5

      82c482f8af3d699aeb51034dc506cd1c

    • SHA1

      1c65ce6be62627ee36db9c1b1d912297e6f99abe

    • SHA256

      e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3

    • SHA512

      6f55468830a5fa9fdf30d12300e3fe71ce9ff48f3ebc1d261d2ef50579b0b1aef4b3aff3cf7b337cf92b9b18bc1fe0de9cc9166fa40f5136dfb7151e0fe62899

    • SSDEEP

      768:Bs+U4zL+fRTtmqOE1UpUrz5bLLgwernMqxNTzFNBvKKU1RkWEy7mELj2T0p:I4PCbOE1UpUn5TextFNlbU1RkUmEt

    Score
    10/10
    revengeratpersistencestealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks