Extracted

• • Target

    d501d27e1fbaeb2616d25c7c62d532a8a0d0f6f9aa8cbaa1b5d643c3a4936f3eN

  • Size

    948KB

  • MD5

    c83e83d7f6694f711b5a0978b65d8e60

  • SHA1

    fd1d8ffef30043088d78341c83f132b0df627bb7

  • SHA256

    d501d27e1fbaeb2616d25c7c62d532a8a0d0f6f9aa8cbaa1b5d643c3a4936f3e

  • SHA512

    7b2cb73dba159130378d87d45ea4a2c0afe34d1ccdbe3068e63626ef8ea351cf4183a6ce33aacb65d2ebbc7722c2d7189e5615977f91c98418780d0c42cab8ce

  • SSDEEP

    24576:8AHnh+eWsN3skA4RV1Hom2KXMmHalSLUf5U:bh+ZkldoPK8YalvU

  Score

  10^/10

  revengeratguestdiscoverytrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2