MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 299af7f15d174ff027a719a08a4fde2d269a5b90e2c2a41eea5fb7769d4b7f5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	299af7f15d174ff027a719a08a4fde2d269a5b90e2c2a41eea5fb7769d4b7f5e
SHA3-384 hash:	3e8a1a1ecfa0bb8575e334ccb6570c324e78e7ac23443bf5591e46ecf204b0e599935131ff8e30f402afdd64c4c23088
SHA1 hash:	e40e2bd1639acd48428a93a29cee5c5da19cefd3
MD5 hash:	d8c33f6cfe8aed6ebd96231ccb563429
humanhash:	equal-avocado-victor-march
File name:	585eHqKL.exe
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	16'896 bytes
First seen:	2020-03-22 13:42:19 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'638 x Formbook, 12'244 x SnakeKeylogger)
ssdeep	384:H/5gk7lVzF3stf9oDPlMNcLlb5sVKhyZ5Ct:H/5gk7lVZUclMNEao
Threatray	61 similar samples on MalwareBazaar
TLSH	6272089777F4AA22C1BC27BD442521156B75834FEA11CB5E29D980FBF7A33C1AAC02D1
Reporter	johannes
Tags:	RevengeRAT

viql

revengerat via https://pastebin.com/raw/585eHqKL

Intelligence

File Origin

# of uploads :

# of downloads :

306

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.RevengeRat-6344273-0

Win.Malware.Zusy-6804067-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Revetrat

Status:

Malicious

First seen:

2020-03-22 19:02:24 UTC

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

malicious

RevengeRAT

0f0ad0df89b895ae4e7ad72b7d6bbea015fe566fe98b577553cb95cd3fb96766

RevengeRAT

291bf31470c9bcacec467c980adb7a3d111ebb6b72cf07147884a7eae5cabde9

RevengeRAT

31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae

RevengeRAT

61772167a95f7d7eb84337c06144cbba21b88b0ace8ef24d59426c7a50e6acc6

RevengeRAT

6ebe2626d66a590a572cca546c2b1c472f5e1b7db26f89cc8f6f073125fe82c5

RevengeRAT

8efd6f95c39e86627b1f9cc553fa7bed152dbf4788662bee15d3b5bdf0c1b79e

RevengeRAT

b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632

RevengeRAT

c7bf30d34e0e14112c582d3b55aafabdfb00f563be001f3e1ab4e5d04b5c0271

RevengeRAT

d9a9a7ab99db0946ecb0f5f398eddd0d820ffbde0105164064e168f1ea73ba26

RevengeRAT

+ 51 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/585eHqKL

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample