MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54fe3682ed81da191c61ee8aced68014cd74fd021d3873dca8c8c74a754bf868. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevengeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54fe3682ed81da191c61ee8aced68014cd74fd021d3873dca8c8c74a754bf868
SHA3-384 hash: a6d7a90849d1aef9ce510b68527614a495e2122ce1b5bb3128138eba0b336e23d893e3be0aca2712e74526c268df9cca
SHA1 hash: 7f99283023124617297d17e09afff7684b242265
MD5 hash: 24a886039254dc4c8306086cb6d49c6e
humanhash: pluto-muppet-social-fifteen
File name:NhgkvCHw.exe
Download: download sample
Signature RevengeRAT
Create hunting rule
File size:24'576 bytes
First seen:2020-03-22 06:14:34 UTC
Last seen:2020-03-22 07:32:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'652 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 192:UL+8Pa9S8kjYTDGgbcp4LlJySAfF9aEOnryD91ABkGxVXQqoNXRJI:ULP/jYTDGggpUy3fJWyDbAnxjoNo
Threatray 61 similar samples on MalwareBazaar
TLSH 27B22A09B7DD473AC1BD07BC4DB342256375E5A39A62C30F1CD880AB8D52BD85B60BE8
Reporter johannes
Tags:RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/NhgkvCHw

Intelligence

File Origin
# of uploads :
2
# of downloads :
295
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.RevetRat.2.17264.10956.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Rrat
Create hunting rule
Status:
Malicious
First seen:
2020-03-22 11:00:25 UTC
AV detection:
26 of 30 (86.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kt7dnaxnqhnbshdb52fm5vuactgxj7icdu4hhxfizdduu5kl7bua._file
Verdict:
malicious
Similar samples:
0760806d2cb04dfa58902d85e3503e313805e8056565097cf18d4d24249679d3
RevengeRAT
1ccba863eb3185bebd008a169c13cffa92234b3fb90f7876311e02d37a7e8e74
RevengeRAT
23fc02f1e3783ac574850e9f210b8fb54e2a3dd589ed4b0399157e1708457ed1
RevengeRAT
437a6cc11412d97bbcc791e3a68f9293fcf021f5770b1ba3f97efbb442496e94
RevengeRAT
58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933
RevengeRAT
825de2cce7549059fc092704916dee1401491029efe6ea09fe2c7d51a1c2dabb
RevengeRAT
dbdc58f7cfaa402e4b6c0bbc0d3cae24c1939277a205da49c62d420b86a74f92
RevengeRAT
e1552429cfd87856478c497f2d6fa7e175a140f5b882019fcce39a5557092578
RevengeRAT
e868bbd65efb5d380540f4cfdec3ab7075886c94742f7bcdc45ade752eec81ab
RevengeRAT
ebe37e58ad73be76b4178d8b99d64c6505909113a9c3820f4aa2444bb551ef09
RevengeRAT
+ 51 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/NhgkvCHw

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments