General
-
Target
JaffaCakes118_0515e47f61a95f9847545a75b876a2d5
-
Size
112KB
-
Sample
250106-bannca1jgv
-
MD5
0515e47f61a95f9847545a75b876a2d5
-
SHA1
5ac29a22ca50833014fe050a9287d0ceb47604b3
-
SHA256
faaf7582d93e929167cf114573d910f51bfea4afaa8bf0314add2bda61806f05
-
SHA512
765cc4b27bfa50923f32fe16038ffc603aec6df04b4a3687b4f28102198a432af33a26e1d864340592f1e206db8f18f7f3a9923d62df7e09d6a8a0f66cf14483
-
SSDEEP
3072:pqXvnRs4fz6MGG3TI9ujfdMdTCC8OH9J71z7p4Yp5sbY:p0nfzNTTfdMdTCC8OH9J71z7p4Y8b
Malware Config
Targets
-
-
Target
JaffaCakes118_0515e47f61a95f9847545a75b876a2d5
-
Size
112KB
-
MD5
0515e47f61a95f9847545a75b876a2d5
-
SHA1
5ac29a22ca50833014fe050a9287d0ceb47604b3
-
SHA256
faaf7582d93e929167cf114573d910f51bfea4afaa8bf0314add2bda61806f05
-
SHA512
765cc4b27bfa50923f32fe16038ffc603aec6df04b4a3687b4f28102198a432af33a26e1d864340592f1e206db8f18f7f3a9923d62df7e09d6a8a0f66cf14483
-
SSDEEP
3072:pqXvnRs4fz6MGG3TI9ujfdMdTCC8OH9J71z7p4Yp5sbY:p0nfzNTTfdMdTCC8OH9J71z7p4Y8b
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Revengerat family
-
RevengeRat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1