General
Target: fbdca5d8d0459e4f2c0a1a6f9870a000_JaffaCakes118
Size: 108KB
Sample: 240928-j135qavgmm
MD5: fbdca5d8d0459e4f2c0a1a6f9870a000
SHA1: 65ccc01b26739706066f7c5d8b52ef67e4830f89
SHA256: 02a390aad8d557693715b7d58f42d6685a6f464a7df854b2652993d9e2e53ef0
SHA512: 0ab28167405d40634a6353f7ade8dc7a3ddf57920ac211568a8b44c75be5be108f4f8e6c15d512367542e3057f6bc690c65c1d67d38a073a46e8941e7c1cdf1d
SSDEEP: 1536:Wn/RHEQG+JGI0pz0y5W78MmEMmaZiTVRV37jBqaG6D3tSYvGxdHI+:2KV+JGI0pz0yamEMmaZO9j39SYv7+
Behavioral task: behavioral1
Sample: fbdca5d8d0459e4f2c0a1a6f9870a000_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fbdca5d8d0459e4f2c0a1a6f9870a000_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
revengerat
Guest
pmoses13-47804.portmap.io:47804
RV_MUTEX
Targets
Target: fbdca5d8d0459e4f2c0a1a6f9870a000_JaffaCakes118
Score: 10/10
RevengeRat Executable

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Executes dropped EXE

Uses the VBS compiler for execution

Adds Run key to start application

Drops file in System32 directory