MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4b56ba3f208c1a1211cf2c9164b8b1da5406045fa80f32e4bb324886b10e611. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevengeRAT


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a4b56ba3f208c1a1211cf2c9164b8b1da5406045fa80f32e4bb324886b10e611
SHA3-384 hash: 10d17428d919e50db0f389cbec5ddec7fd66862dac7c41f4c6c2112c97e6b85f313cea46d81fb4b907ced7da878d36fe
SHA1 hash: 4515110133203655cb4ddce04002491254df7a7a
MD5 hash: 9776dc76100860d3dbb1063998b1752c
humanhash: fifteen-sodium-island-table
File name:a4b56ba3f208c1a1211cf2c9164b8b1da5406045fa80f32e4bb324886b10e611
Download: download sample
Signature RevengeRAT
Create hunting rule
File size:7'621'632 bytes
First seen:2020-11-11 11:42:33 UTC
Last seen:2020-11-11 13:51:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 720f62ecaae027b5c3ec6686644322e9 (12 x njrat, 8 x RevengeRAT, 4 x AgentTesla)
ssdeep 196608:+/4okPabmFM6DZpdFGX2SC/17kTcc8SjqBtLz3c67H:TPPBMMJAXleaccqvc6j
Threatray 58 similar samples on MalwareBazaar
TLSH 4676232AA3806F23CDDF79F4D0D4D66497213EE30A61B6A22BB57621FB31587DE1205C
Reporter seifreed
Tags:RevengeRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
850
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Zusy.335680.21229.30613.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/531751
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 314975 Sample: uol38zS5sH Startdate: 12/11/2020 Architecture: WINDOWS Score: 48 16 Multi AV Scanner detection for submitted file 2->16 6 uol38zS5sH.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        dnsIp5 14 192.168.2.1 unknown unknown 8->14 12 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->12 dropped file6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a4b56ba3f208c1a1211cf2c9164b8b1da5406045fa80f32e4bb324886b10e611/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 11:54:11 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=us2wxi7sbda2cii46lerms4ldwsuaycf7kapglslwmsiq2yq4yiq._file
Verdict:
unknown
Similar samples:
2028ddda2340b3b970746b54e87062982d668a9314d84175d2a759426d2b23f9
RevengeRAT
3f421e5ab11f7b67712cd164a875e0c78c4f13d697999392cab260bb73ca3a5a
RevengeRAT
43a0c2443d1a63d4cc498bae9d459590b37379d5dd57a625545fa484a99d3fb6
RevengeRAT
9c30836b7e26dc68f2f9299a1014cfda6fd1446b9938d559c82aa6462b5fcab9
RevengeRAT
a6cb21742488b2257cc39988ced61f7ef5be6d3eff506c10fbc265aa560e6bd4
RevengeRAT
b8fbf85d1eab97ed168f99eb07d13294594675a051c2056b5374630d81fd974d
RevengeRAT
bff28338bbadacd9bd733c2d87b16357874b8e9ff7cccdca89a330193fabc9f5
RevengeRAT
d873f30f48805a3dbab8c976665c26fc9c661e23f3b82f143fdd7346268b595a
RevengeRAT
e9f0d843d20ec7dbba3f8e8e4a412d369d997b384a10762ccf02544738a39358
RevengeRAT
f829c65731383f66a34a87af8aac93119ee04674c3dc8a07796fb470db03bd42
RevengeRAT
+ 48 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201111-m5rqjg6lge/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
a4b56ba3f208c1a1211cf2c9164b8b1da5406045fa80f32e4bb324886b10e611
MD5 hash:
9776dc76100860d3dbb1063998b1752c
SHA1 hash:
4515110133203655cb4ddce04002491254df7a7a
Detections:
win_revenge_rat_g2
Create hunting rule
Link:
https://www.unpac.me/results/56130269-80d0-4e26-b2de-9b030f339a32/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments