MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevengeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab
SHA3-384 hash: 166be403368fef8e65d79559e57557e8791d7d118767e44263c0809009db9fad879ec806cfce7d18480ebdd0c72cfe38
SHA1 hash: 4f506d445d3ebdddb75c27a5210044e346831899
MD5 hash: df04e111a70743f7141dd91db55e574f
humanhash: golf-twenty-twenty-uranus
File name:dony.exe
Download: download sample
Signature RevengeRAT
Create hunting rule
File size:51'200 bytes
First seen:2020-05-01 20:23:20 UTC
Last seen:2020-05-01 20:37:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 768:+FE95AzWlOuEO/9hq4wW6tJNs7wkwcn8uH2C0yRmw4rgS0oX2T:d3A6l7/9hq4P6tCrvnH0yRmwln
Threatray 98 similar samples on MalwareBazaar
TLSH BD33C6127B8B4752CA5C257A80EF301413F1A7CB5B33D64E2E9D439D5E22393AA46BCD
Reporter James_inthe_box
Tags:exe RevengeRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
401
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.RevengeRAT-6690354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 20:23:12 UTC
File Type:
PE (Exe)
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iygmud3kdlggmxtw3jkttbcnwt6qij3bzpuwigrlt63ghizcuovq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
3764a8690d829b849cc82babfb6dc75a3b6f812e46d3d9535c380c187534094e
RevengeRAT
7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da
RevengeRAT
a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1
RevengeRAT
d74f9f54c19ff7ec1301b84bc72ee2b143c94db7b56c88b4c660cb7abcd7b513
RevengeRAT
d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
RevengeRAT
e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b
RevengeRAT
e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349
RevengeRAT
e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd
RevengeRAT
ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761
RevengeRAT
edcf2ab0937689a7e0475395a8654f874e413649ee63100e61c4d1a8c09ba681
RevengeRAT
+ 88 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:RevengeRAT_Sep17
Create hunting rule
Author:Florian Roth
Description:Detects RevengeRAT malware
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments