MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03fa4f4d4dae06093153f6e59e62c64006fa7753c3fd07ab6f96b217f500113d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	03fa4f4d4dae06093153f6e59e62c64006fa7753c3fd07ab6f96b217f500113d
SHA3-384 hash:	6102b4982c3e4f0c566e5affdfef61ab6c882d1518fa409c6f25aa54a6a85d7c127a13481bde19af1bec722343ac3801
SHA1 hash:	af490db544a2e29092e0def20583cd3e8ce09994
MD5 hash:	0ea48ef64e1e3f67eb88146d702adbab
humanhash:	blossom-asparagus-florida-maryland
File name:	roundom.exe
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	257'025 bytes
First seen:	2020-03-22 17:27:14 UTC
Last seen:	2020-03-22 19:38:02 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep	3072:5C6aOHR9TmtEYIS8/PFroMkkX5lq4fZe2Ho5VewY+H5IMQNnIaXUC0i5aITUi4au:I6zrm2YOPgt4kdewY+ZIMQNnn0v62
Threatray	135 similar samples on MalwareBazaar
TLSH	504428D9E2985695C54444B194B68D3303EB6E932322C64E27C52EDF3D036CDE18BBEB
Reporter	Racco42
Tags:	exe RevengeRAT

Intelligence

File Origin

# of uploads :

# of downloads :

314

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.42831776.25238.6322.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Rrat

Status:

Malicious

First seen:

2020-03-09 04:50:14 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ap5e6tknvydasmkt63sz4ywgiadpu52typ6qpk3ps2zbp5iace6q._file

Verdict:

suspicious

RevengeRAT

15c3cfbad0e3b0afe327e53605c463775ef2ae1d5c21b23928a2aa34b7e36719

RevengeRAT

305d2dc35b0ce0040b0223e8fb187e04ac7c36e99ad620a7b824035183a2ccea

RevengeRAT

354d3e283f994802a084678c53be397a4ea4d46d7e48487e6db6c46f6f91ffb9

RevengeRAT

383e589441b2d47da8108e096dcbef6501935e91f248158a624bed91fef1524c

RevengeRAT

4f4ecb62cff991d6e30675be71df634dd9f0e48ce95c4ba92fc9116d6cc25896

RevengeRAT

7b09e5a976956a0554cb8fa07d9958ba192249fe512f45bee23d5e1ae9e2c974

RevengeRAT

7e9b9bbb673e25ab8ee790dbfd2a3e489c0d3a88ab73aafe671f68982f1b41da

RevengeRAT

8a0212846806b7a822b1275aa4421addc9914c4a988fc0ac6458a48dd99ff50d

RevengeRAT

d047df658498dd43b18f3adaa2775c42d1103a0c211eb52ff1e312c9f2784149

RevengeRAT

+ 125 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample