Extracted

• • Target

    f56f0e479af209facb1680fcc806c540N.exe

  • Size

    3.3MB

  • MD5

    f56f0e479af209facb1680fcc806c540

  • SHA1

    10bf585a2bb3b84f96502524de863483513e9e9d

  • SHA256

    6505616f631246a297ec3cd31a4edb6305a9ac7360da21217776dc594f571588

  • SHA512

    e607303b31d9a30368b6b2e94ad95409d56d78258ee01789645a6d8d5265f9984160cecc0ab3cede444c9a84b8bd2fb9fa481c21a8cacbff62ad88e65ab1e72e

  • SSDEEP

    98304:Gviz/27qWGq/TzuqCDl2Ptao7jZX6QPNA:Gviq75/TzufebNA

  Score

  10^/10

  revengeratzx999discoverypersistencestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1