General

  • Target

    277ada55027e622cb40e0073f3bf1455_JaffaCakes118

  • Size

    338KB

  • Sample

    240706-gq558azgpd

  • MD5

    277ada55027e622cb40e0073f3bf1455

  • SHA1

    6afe2ecf96f343a309ae3862666a348008f64767

  • SHA256

    cadf2258eea6660cb234b885df194018c793f274264e40ef95b233eb0933600e

  • SHA512

    ab67089fed2cce855b5b4f4cd7a2315966568fb5a1e6607f3d09173c04e685c0a3cbe8d7e3245aa484b73368c5d66826dc52e51eea81f39b1048a23a9b323a3a

  • SSDEEP

    6144:Rwv2GhNrav9aCHQiRgkktkAvgyFvatu6REs9TBaM5O5vWNUc43:Rw2iNzCwkgkktkAI8yY6Rpw5yu

Malware Config

Extracted

  • Family

    revengerat

  • Mutex

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops file in System32 directory
