Extracted

• • Target

    b59e2481ae96e2fd6a0cd471369c9c16_JaffaCakes118

  • Size

    17KB

  • MD5

    b59e2481ae96e2fd6a0cd471369c9c16

  • SHA1

    57ee119a8ca014fb7ac1aee39d1a229b2ec37802

  • SHA256

    13bfc53b0932107b8db1e5d979229ff9317ebc1f32f0d82b92c3a8611d1d1cb4

  • SHA512

    432c3676080290c806fe389950192f82dcf40f91e9d6f37c0723747683eba4d0c43a627ff03a1cc22f55c427108c800ccbe4f52ade4a6e0d4163ffdfbd93cd30

  • SSDEEP

    384:+J7Jt6iJXyhIiVTIPIvnbisUexqyuLu2s2:+J7JtzCNdIomja2

  Score

  10^/10

  revengeratpersistencestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2