Overview

overview

10

Static

static

10

JaffaCakes...39.exe

windows7-x64

10

JaffaCakes...39.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_42916268bf063c2b532745b214949739

  • Size

    52KB

  • Sample

    250107-akrx3svnev

  • MD5

    42916268bf063c2b532745b214949739

  • SHA1

    9452606f66285f30adbf60daa5cb7d742a63f7c3

  • SHA256

    7eaeb97de5e37298a1c29e4877a28fc2a60682a4abb0fda2e95f36b4fa337284

  • SHA512

    b408882394950b7ea3d596093daa15e867c066a5e38d0de08e4e25ed5c3896e5d19e29f898dd8227982897cb1fefb5c451a42f3da7e0340873dc49ae4acc2907

  • SSDEEP

    1536:JU/75/aMCyTVQ33zxCMMaKZHGc4sE1dB:JUfCyKnNCMMamHGzskdB

Score
10/10
revengeratdiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      JaffaCakes118_42916268bf063c2b532745b214949739

    • Size

      52KB

    • MD5

      42916268bf063c2b532745b214949739

    • SHA1

      9452606f66285f30adbf60daa5cb7d742a63f7c3

    • SHA256

      7eaeb97de5e37298a1c29e4877a28fc2a60682a4abb0fda2e95f36b4fa337284

    • SHA512

      b408882394950b7ea3d596093daa15e867c066a5e38d0de08e4e25ed5c3896e5d19e29f898dd8227982897cb1fefb5c451a42f3da7e0340873dc49ae4acc2907

    • SSDEEP

      1536:JU/75/aMCyTVQ33zxCMMaKZHGc4sE1dB:JUfCyKnNCMMamHGzskdB

    Score
    10/10
    revengeratdiscoverypersistencestealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Revengerat family

      revengerat

    • RevengeRat Executable

      stealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks