MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ccba863eb3185bebd008a169c13cffa92234b3fb90f7876311e02d37a7e8e74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	1ccba863eb3185bebd008a169c13cffa92234b3fb90f7876311e02d37a7e8e74
SHA3-384 hash:	e24ed0cb554b74df1dffc18a2e76e68595b023a2dc684b1ca45d19085d610496ceaabf54737dfb3265d3e5db4514f99f
SHA1 hash:	080e40637297cce0c53830c34636c7a2b86a9ab0
MD5 hash:	366366b3862c26aa6cd90de1cdba76c8
humanhash:	yellow-nine-louisiana-ack
File name:	4A653NFB.exe
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	24'576 bytes
First seen:	2020-04-01 16:00:44 UTC
Last seen:	2020-04-01 17:20:55 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'751 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep	192:tT+8Pa9S8kjYTDGgbcp4Ll7SaSAfF9aEOnryD91ABkGxVXlqoNORJw:tTP/jYTDGggpXa3fJWyDbAnxmoNx
Threatray	61 similar samples on MalwareBazaar
TLSH	F2B22909B3DD473AC1BD03BC0DB342356375E5A39A62C71F1CD890AA8D52BD85B60BE8
Reporter	johannes
Tags:	RevengeRAT

viql

revengerat via https://pastebin.com/raw/4A653NFB

Intelligence

File Origin

# of uploads :

# of downloads :

391

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.BackDoor.RevetRat.2.8855.5009.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Rrat

Status:

Malicious

First seen:

2020-04-01 16:35:31 UTC

File Type:

PE (.Net Exe)

AV detection:

29 of 31 (93.55%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=dtf2qy7lggc35piariljye6p7kjcgsz7xehxq5rrdybng6t6rz2a._file

Verdict:

malicious

RevengeRAT

23fc02f1e3783ac574850e9f210b8fb54e2a3dd589ed4b0399157e1708457ed1

RevengeRAT

437a6cc11412d97bbcc791e3a68f9293fcf021f5770b1ba3f97efbb442496e94

RevengeRAT

54fe3682ed81da191c61ee8aced68014cd74fd021d3873dca8c8c74a754bf868

RevengeRAT

58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933

RevengeRAT

825de2cce7549059fc092704916dee1401491029efe6ea09fe2c7d51a1c2dabb

RevengeRAT

dbdc58f7cfaa402e4b6c0bbc0d3cae24c1939277a205da49c62d420b86a74f92

RevengeRAT

e1552429cfd87856478c497f2d6fa7e175a140f5b882019fcce39a5557092578

RevengeRAT

e868bbd65efb5d380540f4cfdec3ab7075886c94742f7bcdc45ade752eec81ab

RevengeRAT

ebe37e58ad73be76b4178d8b99d64c6505909113a9c3820f4aa2444bb551ef09

RevengeRAT

+ 51 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/4A653NFB

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample