Extracted

• • Target

    JaffaCakes118_7e63213f90d5916ee351c1b7c4a84958

  • Size

    279KB

  • MD5

    7e63213f90d5916ee351c1b7c4a84958

  • SHA1

    6bc40e54159f8c07564c8d69da029f730c3386e4

  • SHA256

    4de025b765e8509fe00fdbd927329480d23f5f6c2a3c2511c0dc8a438fbc7623

  • SHA512

    d796c3393df3a86d2281b14dd237c4fa1c2b986b279474d5dff05c09ab25a7c1976422eea25223ca0b78283775b5bb36fdf34764af24e267fb345513036f23a0

  • SSDEEP

    6144:LhesgPTJrXm51Y8gLJw+0eee1r2O0wDB29poPV:LhesgE+JwLepCvwDB29pg

  Score

  10^/10

  revengeratdiscoverypersistencespywarestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • Revengerat family

    revengerat

  • RevengeRat Executable

    stealer

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2