Extracted

• • Target

    abc6a0990ea8380a9e24f40ebcd27b51_JaffaCakes118

  • Size

    260KB

  • MD5

    abc6a0990ea8380a9e24f40ebcd27b51

  • SHA1

    af2dcca7a31bf2bf3affee762fb4befe4e133c7b

  • SHA256

    b620d76117123aa2d044495ee0c0d85b5c1ba0985cb53cb149a350da07ea003c

  • SHA512

    b020c189ab38cf03fc28b45d8bf4607e7ab4fecd4f03b9a9de2ebde210d9808927f95655c6de859addb54f536de2bb97d7726a6a9b76e572aedd3a83a3faa6ea

  • SSDEEP

    6144:wzWFeYL/6W8AK+jr4Nbws24HCrv5r1p4vcPwCx7sTe3PM7D+:0SaG4Nbws5HCrxr74vcPwY+e3PM7S

  Score

  10^/10

  revengeratdiscoveryexecutionpersistencestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Drops file in System32 directory

  behavioral1behavioral2