Extracted

• • Target

    2e3037f15c76457e5390a7c5b540153f_JaffaCakes118

  • Size

    111KB

  • MD5

    2e3037f15c76457e5390a7c5b540153f

  • SHA1

    0c4cc2dff8d70af9280b3f8c79e693313e5f6d81

  • SHA256

    e214f08d95ac7a1ef1b9b99283723d17deb663eaf5f5fe5625bb81e88cff37d6

  • SHA512

    9a526b7aa2a8b9ae0f68acab920de652a7e6f9e85757683b80560bf3b5aa18f01c49f1468648476eaf53e3fc6a5b928457915a696d6c69f6af6eeec0368b1ca5

  • SSDEEP

    1536:OsVeuQ+fKE+Q2zvjd0ty9ZWWbLMpTnz1rAWXM4AAhrkSqyIt5vtdVZHMBpkGE:poEYzbdgy9ZWWbIh2AM4AgrBLIXJZJ

  Score

  10^/10

  revengerattrampo_csharppersistencestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence
  behavioral1behavioral2