MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 437a6cc11412d97bbcc791e3a68f9293fcf021f5770b1ba3f97efbb442496e94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	437a6cc11412d97bbcc791e3a68f9293fcf021f5770b1ba3f97efbb442496e94
SHA3-384 hash:	fcf83f458536bc696b3939ff11712b7b3a066ade08974f23ef21c2eedb5463483a5c29e63b8483c834c01bf23ba705db
SHA1 hash:	8fd908b8606a4edf88fde1e61687832bb65e4722
MD5 hash:	d4316cad9dd063df031d6ec56991ce17
humanhash:	december-carolina-burger-echo
File name:	CNF05E7Z.exe
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	24'576 bytes
First seen:	2020-03-31 09:15:57 UTC
Last seen:	2020-03-31 09:27:01 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'652 x Formbook, 12'246 x SnakeKeylogger)
ssdeep	192:rFx+8Pa9S8kjYTDGgbcp4LlZ+SAfF9aEOnryD91ABkGxVXqqqoNjRJc:rvP/jYTDGggpM+3fJWyDbAnxYoNw
Threatray	75 similar samples on MalwareBazaar
TLSH	3CB21909B7DD4739C1BD03BC0DB242256375E5A39A62C70F1CD890AA8D52BD55B20BE8
Reporter	johannes
Tags:	RevengeRAT

viql

revengerat via https://pastebin.com/raw/CNF05E7Z

Intelligence

File Origin

# of uploads :

# of downloads :

377

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.BackDoor.RevetRat.2.6275.26090.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Rrat

Status:

Malicious

First seen:

2020-03-31 09:35:18 UTC

AV detection:

29 of 31 (93.55%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=in5gzqiuclmxxpghshr2nd4ssp6paipvo4frxi7zp353iqsjn2ka._file

Verdict:

malicious

RevengeRAT

1ccba863eb3185bebd008a169c13cffa92234b3fb90f7876311e02d37a7e8e74

RevengeRAT

23fc02f1e3783ac574850e9f210b8fb54e2a3dd589ed4b0399157e1708457ed1

RevengeRAT

54fe3682ed81da191c61ee8aced68014cd74fd021d3873dca8c8c74a754bf868

RevengeRAT

58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933

RevengeRAT

825de2cce7549059fc092704916dee1401491029efe6ea09fe2c7d51a1c2dabb

RevengeRAT

dbdc58f7cfaa402e4b6c0bbc0d3cae24c1939277a205da49c62d420b86a74f92

RevengeRAT

e1552429cfd87856478c497f2d6fa7e175a140f5b882019fcce39a5557092578

RevengeRAT

e868bbd65efb5d380540f4cfdec3ab7075886c94742f7bcdc45ade752eec81ab

RevengeRAT

ebe37e58ad73be76b4178d8b99d64c6505909113a9c3820f4aa2444bb551ef09

RevengeRAT

+ 65 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/CNF05E7Z

Link

https://pastebin.com/raw/jcSWWz0C

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample