MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac610045393947ca964d28f15807b623953c07614539b724af3aad7902c53833. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash:	ac610045393947ca964d28f15807b623953c07614539b724af3aad7902c53833
SHA3-384 hash:	1e9dafcbf006ff1e6a38653ce5c9d8ceeb09529c5f22869df6f1e3db1c07aecfd6e3104ec20e5f22bf2bd0c337129432
SHA1 hash:	a8f8b1c9ac1fef1574593dd8855c697b9daf7e5c
MD5 hash:	828488ed41ef4e46c56184fbd72b03e5
humanhash:	angel-six-cardinal-mississippi
File name:	e3BusHrt.exe
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	17'408 bytes
First seen:	2020-11-20 12:02:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'752 x AgentTesla, 19'658 x Formbook, 12'248 x SnakeKeylogger)
ssdeep	384:lxUsKI6rmCrm5RnVLeDbSbXsVKNy/5yN:lzKILbeDGQY
Threatray	95 similar samples on MalwareBazaar
TLSH	A772F79667F8AE16C2BC2BBD495112116331D647DA21DFAE1DD481BBA3A33C059C42F3
Reporter	pmelson
Tags:	exe Revenge RevengeRAT

Intelligence

File Origin

# of uploads :

# of downloads :

1'301

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

DNS request

Sending a UDP request

Using the Windows Management Instrumentation requests

Sending a TCP request to an infection source

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Revenge RevengeRAT

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/544114

Signature

.NET source code contains potential unpacker

Antivirus / Scanner detection for submitted sample

Detected Revenge RAT

Found RAT behaviour (information extraction to be send to C&C)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Yara detected RevengeRAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ac610045393947ca964d28f15807b623953c07614539b724af3aad7902c53833/

Threat name:

ByteCode-MSIL.Backdoor.RevengeRAT

Status:

Malicious

First seen:

2020-11-20 12:03:04 UTC

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vrqqarjzhfd4vfsnfdyvqb5weoktyb3biu43ojfphkwxsawfhazq._file

Verdict:

malicious

RevengeRAT

0c00b32af72a76cebfff85259e60a8f4aea66e93f198774dc370f5713a53fe00

RevengeRAT

56e5859ed8dc27386e209b3cd4959be7c76c33b0b59deb8e4449cf23e99d4cbc

RevengeRAT

5877724afe41bb6092c7644c8dc4c77d6ba0c51b1bcaf2986488067fc8478ebe

RevengeRAT

7bf399fd2232c77977014fb0089ee9c6b987c8833a6dbfbd33ec5c5e2c34ee6e

RevengeRAT

8efd6f95c39e86627b1f9cc553fa7bed152dbf4788662bee15d3b5bdf0c1b79e

RevengeRAT

a8745addaf2f95e0fe6afbc6d6712f817d4a819cf1d08bf7c0ff01822e18e1db

RevengeRAT

b523a7038662d534bd80af942685562a66e6364bf0fbf68aecf9f1131363543d

RevengeRAT

ed7c7b0532ef7edc3a22795f2d5d60cbd7c7a3ffda4f1810e3b8295ca2fe0bf5

RevengeRAT

f606b42f7ac74187afc73a56e7918f123daf396fe20fa3a5f3d7a0a5ce483b85

RevengeRAT

+ 85 additional samples on MalwareBazaar

Result

Malware family:

revengerat

Score:

10/10

Tags:

family:revengerat botnet:lavdachut stealer

Link:

https://tria.ge/reports/201120-yd568lg26e/

Behaviour

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Malware Config

C2 Extraction:

xzim-57334.portmap.io:57334

Unpacked files

SH256 hash:

ac610045393947ca964d28f15807b623953c07614539b724af3aad7902c53833

MD5 hash:

828488ed41ef4e46c56184fbd72b03e5

SHA1 hash:

a8f8b1c9ac1fef1574593dd8855c697b9daf7e5c

Detections:

win_revenge_rat_g2

Link:

https://www.unpac.me/results/b710e857-d495-46c3-a0a8-e2acf06bb7da/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

RevengeRAT

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ac610045393947ca964d28f15807b623953c07614539b724af3aad7902c53833

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	RevengeRAT_Sep17 Create hunting rule
Author:	Florian Roth
Description:	Detects RevengeRAT malware
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RevengeRAT

exe ac610045393947ca964d28f15807b623953c07614539b724af3aad7902c53833

(this sample)

Link

https://www.virustotal.com/gui/file/ac610045393947ca964d28f15807b623953c07614539b724af3aad7902c53833/detection

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample