Extracted

• • Target

    8ea92ddfe617fedeec1c6b0bff838476_JaffaCakes118

  • Size

    17KB

  • MD5

    8ea92ddfe617fedeec1c6b0bff838476

  • SHA1

    f83902750d88e3df6d98f1fc512719a566e1e4ba

  • SHA256

    a0cfcc96d6892c6416c98bd378714d5efc811d8f3dfbf97c1b84632a3db3d2f2

  • SHA512

    896ef9d7508c7d778af04016e422464d2cc9b2d29aa3d46195c9e206733e33ad4041f1cfec16862467b1086f20808b8e7a1d8cc42cb1106e55e69f451c48c2e1

  • SSDEEP

    384:K4REqxuNBvRPJnMy6EnFmDHojf36bysVVTyrUiysts4:K4Rdxd8KHojblUft4

  Score

  10^/10

  revengeratpalomitapersistencestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2