MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5144b5507d1382c06a75118dfc3f2899701e5e1e7b5abe93734fa9a99efd3768. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevengeRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5144b5507d1382c06a75118dfc3f2899701e5e1e7b5abe93734fa9a99efd3768
SHA3-384 hash: 397ad8feed66fc9f6806ea7c6737399f4d3196767fcde71428bd945fef7f290ec9ba5f517f4a0526f2335db4abbdb796
SHA1 hash: f15e11e78f687a8e73d520a41a37d0385771f102
MD5 hash: 709c60b92b3044934adebf6333165047
humanhash: tennis-washington-carpet-ack
File name:Koronavirus Turizm Destek Paketi Hakkında.exe
Download: download sample
Signature RevengeRAT
Create hunting rule
File size:281'088 bytes
First seen:2020-04-20 15:39:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:TCNNqAkzL7r9r/EDppppppppppppppppppppppppppppp0G:wmP7r9r/+ppppppppppppppppppppppJ
Threatray 94 similar samples on MalwareBazaar
TLSH 7D547485E6446B64EC69AB306936CD3443637DED9A74EA0C3DCD3D6B3FBB6835022016
Reporter abuse_ch
Tags:COVID-19 exe geo RAT RevengeRAT TUR


Avatar
abuse_ch
COVID-19 themed malspam distributing RevengeRAT:

HELO: ns1.ihsdnsx59.com
Sending IP: 185.216.113.150
From: hanife@anstur.com.tr
Subject: Covid-19 TURİZM Destek Paketi
Attachment: Koronavirus Turizm Destek Paketi Hakkında.rar (contains "Koronavirus Turizm Destek Paketi Hakkında.exe")

RevengeRAT C2:
185.114.23.203:14523

Intelligence

File Origin
# of uploads :
1
# of downloads :
412
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.34793.26522.26553.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2020-04-20 16:35:23 UTC
File Type:
PE (.Net Exe)
Extracted files:
38
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kfclkud5cobma2tvcgg7ypzitfyb4xq6pnnl5e3tj6u2thx5g5ua._file
Verdict:
suspicious
Similar samples:
00a0100d050d944a9ffcec6964dd2b4f04e19a7e86ef5e03444824db2ca602b2
RevengeRAT
145ad1b69242e6c7bbf57563206310d0a51aea37e996cdbd6cf26d4c93cf3c20
RevengeRAT
19ca70210efcd08d6a96909cebb3e8cdfc941456e07893122730e5c5b344b294
RevengeRAT
3739f1ed8aea0841da101e01354b6a80719edce7a982ff5ef86c6e291d503b9b
RevengeRAT
50731cb586a4c601689830828025729a5b8663e0adb09ef6b07ff50b8ce936d9
RevengeRAT
68d2d73272b19025d18d9e68a5da99816381a77a12228acdeadf074e68a119a6
RevengeRAT
692edb91091b23c85b594f82921ee682aa25f1902d048e54fed4edafe0549e3f
RevengeRAT
ae6f078b6a993e8bd82b0ac786409354d9695661b55822d04d31ef8277749e72
RevengeRAT
d4d82b7e348c43a232258b4a3c2d1278e69f7a27b47056a5946f4706b59f914f
RevengeRAT
f6f1b197a2b2ad6cebaddc12b7f421305ec3d61bb56abc214a19e702e49485cc
RevengeRAT
+ 84 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RevengeRAT

rar e2f90892e75a3c5e4a3c60233cd6d74ad090fe1d666606a367dade37b52a0122

RevengeRAT

Executable exe 5144b5507d1382c06a75118dfc3f2899701e5e1e7b5abe93734fa9a99efd3768

(this sample)

  
Dropped by
MD5 d323c0de9120dff8362e8ec37f09d314
  
Dropped by
SHA256 e2f90892e75a3c5e4a3c60233cd6d74ad090fe1d666606a367dade37b52a0122
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments