Extracted

• • Target

    Mail Ripper.exe

  • Size

    9.6MB

  • MD5

    6a7bb2101f69d3872eacac436347bc43

  • SHA1

    209a5d147379c2141d369eed6137160944446bc8

  • SHA256

    0c8036aaa2f7e38f82368895fa42394d8306112f2e1b2712bfb09421b2f3007e

  • SHA512

    dfc66f561826aa080383b8e63062923b622615390d79d6eecff264a85d90c30ddad9966f29c5932ef0665f9b2fce9539e9802d7b7d001ad2cdf4e008673c4e1b

  • SSDEEP

    196608:DDR0MhC+BTX1QFhjwt25HnuC48RmU/3ZlsPvXfHTvN8CJDzB0qfe:nRlAuOHuCtN3ZWXfT7

  Score

  10^/10

  revengeratnyancatrevengepersistencepyinstallertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2