Extracted

• • Target

    469ace7a2b1779141d5d9ad876d22bd8_JaffaCakes118

  • Size

    83KB

  • MD5

    469ace7a2b1779141d5d9ad876d22bd8

  • SHA1

    00c4a8d054c5ccf01d07d0623b2e7feb49907e31

  • SHA256

    9734ef357097acb99c8522829061c8851515b2fdf783d578c32381755ebcf6a7

  • SHA512

    7a0aefe11e9008d8d1c8600eabe9df87493095ef710552ba682a193c714f0a008b3a3158de750712e7fdbecc2b02d495846d8bfa7a7b1dec172cb311bc39065d

  • SSDEEP

    1536:jhReVQ4ao0s/XjLKFJn5kyD/HYtRODDOkpDWUAwaC6iz:VReVZaoh/XjLKFJnSyctRODSkpyUAwaq

  Score

  10^/10

  revengeratdiscoverypersistencespywarestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • RevengeRat Executable

    stealer

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2