MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fa5bb5b2cce4e18c09469346fa2778f3ef76900a9a486779b208bcac54e0435. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	5fa5bb5b2cce4e18c09469346fa2778f3ef76900a9a486779b208bcac54e0435
SHA3-384 hash:	f9ef3fcb3ad5afe849483263c75d6dc49cfaef9fdac7f648ff36ec8de60d46c1b5e5f2ab36b671f10ab9327bdc08a538
SHA1 hash:	bc70d51b76877c69dc6cffaeeba93396f2a82f64
MD5 hash:	5ac65a1454b7fd3d9daf0ef3af4496b2
humanhash:	pennsylvania-eighteen-helium-equal
File name:	0se9U43j.exe
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	24'576 bytes
First seen:	2020-09-16 19:02:39 UTC
Last seen:	2020-09-16 19:02:56 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'653 x Formbook, 12'246 x SnakeKeylogger)
ssdeep	192:v7+8Pa9S8kjYTDGgbcp4LlRCSAfF9aEOnryD91ABkGxVX5qoN/ERJ4:v7P/jYTDGggpMC3fJWyDbAnxmoNP
Threatray	28 similar samples on MalwareBazaar
TLSH	BAB21809B7DD473AC1BD07BC0DB342256375E5A39A62C70F1CE890EA8952BD45B60BE8
Reporter	pmelson
Tags:	exe Revenge RevengeRAT

Intelligence

File Origin

# of uploads :

2

# of downloads :

291

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/62367/

Detection(s):

Win.Packed.Razy-9645384-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Connection attempt

Result

Threat name:

RevengeRAT

Detection:

malicious

Classification:

troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/468404

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected RevengeRAT

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5fa5bb5b2cce4e18c09469346fa2778f3ef76900a9a486779b208bcac54e0435/

Threat name:

ByteCode-MSIL.Backdoor.RevengeRAT

Status:

Malicious

First seen:

2020-09-16 19:04:06 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=l6s3wwzmzzhbrqeune2g7itxr47po2iavgsim543ecf4vrkoaq2q._file

Verdict:

malicious

Similar samples:

1ccba863eb3185bebd008a169c13cffa92234b3fb90f7876311e02d37a7e8e74

437a6cc11412d97bbcc791e3a68f9293fcf021f5770b1ba3f97efbb442496e94

54fe3682ed81da191c61ee8aced68014cd74fd021d3873dca8c8c74a754bf868

8cdf0712f86a0ae78cd5d61fb784a9d5ef40595e2524dfd539268bbbcc5e1360

b1584e021f20a3fc1bdd989fd34f981c7cb57da76485780da9bb975f1333b342

c04ec7f7397f2fccbf7fd967a5aa4aeca57c17dc1dac557bbe405ca8423c35ee

dbdc58f7cfaa402e4b6c0bbc0d3cae24c1939277a205da49c62d420b86a74f92

e1552429cfd87856478c497f2d6fa7e175a140f5b882019fcce39a5557092578

e868bbd65efb5d380540f4cfdec3ab7075886c94742f7bcdc45ade752eec81ab

ebe37e58ad73be76b4178d8b99d64c6505909113a9c3820f4aa2444bb551ef09

+ 18 additional samples on MalwareBazaar

Result

Malware family:

revengerat

Score:

10/10

Tags:

family:revengerat

Link:

https://tria.ge/reports/200916-rxzfynpfwa/

Behaviour

Revengerat family

Malware Config

C2 Extraction:

lapoire3.hopto.org:333

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

RevengeRAT

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5fa5bb5b2cce4e18c09469346fa2778f3ef76900a9a486779b208bcac54e0435

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5fa5bb5b2cce4e18c09469346fa2778f3ef76900a9a486779b208bcac54e0435

(this sample)

Link

https://www.virustotal.com/gui/file/5fa5bb5b2cce4e18c09469346fa2778f3ef76900a9a486779b208bcac54e0435/detection

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/62367/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample