MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae
SHA3-384 hash:	668bebc04639521801c844dcf211bc2af6f4f8cef02b9fad9a0819da294e286644d209706e20999f2b20a1e79cc20126
SHA1 hash:	8bd1d4205dc4b4c057f73f47333f33ef9866cd7f
MD5 hash:	7ce0ae6f480ddfcdb6791b4c657c0457
humanhash:	twelve-beryllium-two-charlie
File name:	file
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	17'920 bytes
First seen:	2020-02-27 16:47:22 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	384:crRPot9VcjGYbalEM7s/oObysVK8sy0XfWc:crRPG9galEoGCbXu
Threatray	50 similar samples on MalwareBazaar
TLSH	128219DA77B4AA06D2BC67FD416220255B71868FA501C75F2DD484FBB7B33C0AA407E2
Reporter	johannes
Tags:	RevengeRAT

viql

revengerat via https://pastebin.com/raw/Ur3YRRwV

Intelligence

File Origin

# of uploads :

# of downloads :

105

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.RevengeRat-6344273-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Revetrat

Status:

Malicious

First seen:

2020-02-18 18:49:00 UTC

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

malicious

RevengeRAT

0f0ad0df89b895ae4e7ad72b7d6bbea015fe566fe98b577553cb95cd3fb96766

RevengeRAT

0f9f2ed3669af8502dfad754d0dc2e7682fe7bc4d0044f7cc3ca61a0e1170d15

RevengeRAT

291bf31470c9bcacec467c980adb7a3d111ebb6b72cf07147884a7eae5cabde9

RevengeRAT

61772167a95f7d7eb84337c06144cbba21b88b0ace8ef24d59426c7a50e6acc6

RevengeRAT

6ebe2626d66a590a572cca546c2b1c472f5e1b7db26f89cc8f6f073125fe82c5

RevengeRAT

8efd6f95c39e86627b1f9cc553fa7bed152dbf4788662bee15d3b5bdf0c1b79e

RevengeRAT

b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632

RevengeRAT

c7bf30d34e0e14112c582d3b55aafabdfb00f563be001f3e1ab4e5d04b5c0271

RevengeRAT

d9a9a7ab99db0946ecb0f5f398eddd0d820ffbde0105164064e168f1ea73ba26

RevengeRAT

+ 40 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-vz5n7mmyh6/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Drops startup file

Uses the VBS compiler for execution

Malware Config

C2 Extraction:

memo445.ddns.net:1337

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample