Extracted

• • Target

    fbdca5d8d0459e4f2c0a1a6f9870a000_JaffaCakes118

  • Size

    108KB

  • MD5

    fbdca5d8d0459e4f2c0a1a6f9870a000

  • SHA1

    65ccc01b26739706066f7c5d8b52ef67e4830f89

  • SHA256

    02a390aad8d557693715b7d58f42d6685a6f464a7df854b2652993d9e2e53ef0

  • SHA512

    0ab28167405d40634a6353f7ade8dc7a3ddf57920ac211568a8b44c75be5be108f4f8e6c15d512367542e3057f6bc690c65c1d67d38a073a46e8941e7c1cdf1d

  • SSDEEP

    1536:Wn/RHEQG+JGI0pz0y5W78MmEMmaZiTVRV37jBqaG6D3tSYvGxdHI+:2KV+JGI0pz0yamEMmaZO9j39SYv7+

  Score

  10^/10

  revengeratpersistencestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2