Extracted

Extracted

Extracted

• • Target

    eca7e438ad10709a7f1816a406023a61_JaffaCakes118

  • Size

    1.6MB

  • MD5

    eca7e438ad10709a7f1816a406023a61

  • SHA1

    caed3687be32d80134c4efb1e0ed2e5c0d018cb7

  • SHA256

    d298f6741d1e6df0f9201d86e9bc89c29f0f37e3c437498f3f5471a56ad80fa0

  • SHA512

    7780daa4f8bd3c7fe985018c05e0fa9d38bb4787e40e2652d351393a0b3367447b46e29ec02e92caf554bb96e906ff1e9d805efa2b02caffafecd52b29ac1cb0

  • SSDEEP

    12288:J/Z2/ZX/ZY/ZZ/ZC/ZD/ZU/ZF/Zv/Z3/Zs/Z1/Zq/ZT/ZI/ZB/Zm/ZZ/Ze/Z0/Zc:HqBQ3elEbJhMrWVgP63ikZuTl

  Score

  10^/10

  discoveryexecutionrevengeratvjw0rmstealertrojanworm

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • RevengeRat Executable

    stealer

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Network Share Discovery

    Attempt to gather information on host network.

    discovery
  behavioral1behavioral2