Extracted

• • Target

    JaffaCakes118_998c0e237d2eed92adbfb66e99c64837

  • Size

    83KB

  • MD5

    998c0e237d2eed92adbfb66e99c64837

  • SHA1

    02df64de47a25de34022ed6b477b9b328b011bb0

  • SHA256

    829751ac7bfb64b581249217a726a00f2ac0d05ac6e3857491df5cbfc99cc811

  • SHA512

    7fe345b9bd0b348d54489f418b2054a696e1226b1b8456db13aff9c787662163775ba34a60f064c05949790ae14c3b754a1a473e1b5e46c6e1ed43eb4ae44faf

  • SSDEEP

    1536:ThReVQ4ao0s/XjLKFJn5kyD/HYtRODDOkpDWUAwaC6iAX:lReVZaoh/XjLKFJnSyctRODSkpyUAwa7

  Score

  10^/10

  revengeratdefense_evasiondiscoverypersistencespywarestealertrojan

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • Revengerat family

    revengerat

  • RevengeRat Executable

    stealer

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Disables RegEdit via registry modification

    defense_evasion

  • Disables Task Manager via registry modification

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1