MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a13443ddffc38f9d8150e73641ff1b9d8def6fbc448fa9cf0e5263575b23d6d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 11

Intelligence 11 IOCs 1 YARA File information Comments

SHA256 hash:	a13443ddffc38f9d8150e73641ff1b9d8def6fbc448fa9cf0e5263575b23d6d7
SHA3-384 hash:	005f97486ae23434c21b89ea7662a2190ed5d8a2c09f4a53aa6ccad89692f4774d7cddf03337be13a192f8721ba334b8
SHA1 hash:	d0fbddaabfad5a851f5bdf6fcf9edbb60ef5d81c
MD5 hash:	b4736d138e689f291576dd4ccfeebebd
humanhash:	charlie-east-burger-bakerloo
File name:	b4736d138e689f291576dd4ccfeebebd.exe
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	9'281'421 bytes
First seen:	2021-11-17 15:31:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5a594319a0d69dbc452e748bcf05892e (28 x Gh0stRAT, 21 x ParallaxRAT, 15 x NetSupport)
ssdeep	98304:RSi84R8500t9Yx2c6sfkZvNgQ6dvkp6HvLTV/MZ+OBq1JnJ7h1pchAOxPH+XTpF+:fRO0U9YtQKx1kAHvZuClihkDp39qu0Px
Threatray	1'205 similar samples on MalwareBazaar
TLSH	T1DB96222BA268343EC06A773171BE8350C8FB6A60651B8C1F0FF0594DEF665611E3A6F5
File icon (PE):
dhash icon	32c9b0326272f049 (1 x RevengeRAT)
Reporter	abuse_ch
Tags:	exe RevengeRAT

abuse_ch

RevengeRAT C2:
91.109.190.9:333

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
91.109.190.9:333	https://threatfox.abuse.ch/ioc/250357/

Intelligence

File Origin

# of uploads :

# of downloads :

737

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

b4736d138e689f291576dd4ccfeebebd.exe

Verdict:

Suspicious activity

Analysis date:

2021-11-17 15:47:15 UTC

Tags:

installer

Link:

https://app.any.run/tasks/a6fc33ba-6c81-4f63-9697-41cd0dcce7a8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Gathering data

Detection(s):

PUA.Win.Packer.Exe-6

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for synchronization primitives

Searching for the window

DNS request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/619520752695a62af9f240d8/reports/0784c1f5-ae7b-47dc-b8cc-50e731d693cc/overview

Malware family:

Torwofun

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/38163ee7-0dc8-4712-9f73-984592640bbf

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/891335

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a13443ddffc38f9d8150e73641ff1b9d8def6fbc448fa9cf0e5263575b23d6d7/

Threat name:

ByteCode-MSIL.Trojan.BitCoin

Status:

Malicious

First seen:

2021-11-12 19:20:21 UTC

AV detection:

17 of 28 (60.71%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ue2ehxp7yohz3akq443ed7y3twg66354ish2ttyokjrvowzd23lq._file

Verdict:

malicious

RevengeRAT

0ed07cd100c933c766b2183c8c46f913116bc89b2651e22c3dd5a61c06913b7a

RevengeRAT

474a473bf46fdbfb5a9344937674c1455d764e74c2cd8892da7d59f68ffadd5c

RevengeRAT

8d31cd4a15ce8347ee5d40ec43f3f0f6f1938887613d8dd58962df1cf7bfebca

RevengeRAT

951049989eb772c71ec4fa9f0685ab45cae755ca5d34cf3089fd791999fafa1c

RevengeRAT

a8b12d8c9b157105d4fff973368fc6e916739ca23aa520548e4fd5955780bf52

RevengeRAT

b943704744a23c06174a36aa0e24ecc7ac67aad9edc9c4bd46dd1f007514796d

RevengeRAT

c656d7d18181d06dc4ffa7a0477f44c5ba4e891c18bb66ba31f8f8ddba22f742

RevengeRAT

da19103e927e19daedc51212deb60ceca403e3e9876c52a9dec41d7e6215929b

RevengeRAT

+ 1'195 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/211117-syl8vsdbg4/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

7845a110bdfbb39d32f6d144561b22cc7872e3075780c3bf9d055c87965884cc

MD5 hash:

0dc8680f658c312d41414506481ec3f6

SHA1 hash:

aaa4f0ffbce86a179a2b50d68d96d82b2fc218fb

Link:

https://www.unpac.me/results/fb906f18-c630-43c5-9f60-6ef2cd32171b/

SH256 hash:

a13443ddffc38f9d8150e73641ff1b9d8def6fbc448fa9cf0e5263575b23d6d7

MD5 hash:

b4736d138e689f291576dd4ccfeebebd

SHA1 hash:

d0fbddaabfad5a851f5bdf6fcf9edbb60ef5d81c

Link:

https://www.unpac.me/results/fb906f18-c630-43c5-9f60-6ef2cd32171b/

Malware family:

RevengeRAT

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/a13443ddffc3/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a13443ddffc38f9d8150e73641ff1b9d8def6fbc448fa9cf0e5263575b23d6d7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/206919/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample