Extracted

• • Target

    Client.exe

  • Size

    108KB

  • MD5

    f55c1e64f9428adef9ab57b608d01587

  • SHA1

    c85960f54528f94ec839b6c2d125c7249815427f

  • SHA256

    c9d1c9ef3a637ac66861d41a4c35e9be5cb2abf286c585e093b5ed281bea1c66

  • SHA512

    26978fef89a5cdf7baf8ae04823c238e4db686fbcae5a5ee1dcc9acb9a4c06092289f4babf84d1cfe954fd67744e2cc5cfbe1b46668d807edd03632bfc083e80

  • SSDEEP

    1536:7ALrNYa/BoIR5qlTSb6cPekifrK1J/r8Th9M8haZ40VRX37jBqapD3tSYthxdHM+:Ob/BoIRcfdh/03jr9SYt++

  Score

  10^/10

  revengeratstealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Uses the VBS compiler for execution

  • Drops file in System32 directory

  behavioral1