MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1584e021f20a3fc1bdd989fd34f981c7cb57da76485780da9bb975f1333b342. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RevengeRAT


Vendor detections: 8



SHA256 hash: b1584e021f20a3fc1bdd989fd34f981c7cb57da76485780da9bb975f1333b342
SHA3-384 hash: 85d0c63960d1a7765f735ee8ffd48301c548c2b685fcccd969eed98e43b86a789997a3f063f5637d049de1c621fb49e2
SHA1 hash: 320ca7fb83ef75eacc4fe20444e38b55c990ba6d
MD5 hash: ede04e4397915c29f747ecffd9ec1e55
humanhash: sierra-tango-may-asparagus
File name: cn4pDeQV.exe
Signature: RevengeRAT
File size: 24'576 bytes
First seen: 2020-09-15 13:32:21 UTC
Last seen: 2020-09-15 13:32:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'653 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 192:87+8Pa9S8kjYTDGgbcp4Ll9CSAfF9aEOnryD91ABkGxVX6qoN/RRJ4:87P/jYTDGggpoC3fJWyDbAnx1oNS
Threatray 26 similar samples on MalwareBazaar
TLSH BEB21A09B7ED4739C1BD03BC0DB3423563B5E5A39962C70F1CD880AA9D52BD55B60BE8
Reporter pmelson
Tags: exe Revenge RevengeRAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 290
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
DNS request
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Sending a UDP request
Result
Threat name: RevengeRAT
Detection: malicious
Classification: troj
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Deletes itself after installation
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RevengeRAT
Behaviour
Threat name: ByteCode-MSIL.Backdoor.RevengeRAT
Status: Malicious
First seen: 2020-09-15 13:34:06 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family: revengerat
Score: 10/10
Tags: family:revengerat
Behaviour
Revengerat family
Malware Config
C2 Extraction: lapoire3.hopto.org:333
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RevengeRAT

Executable exe b1584e021f20a3fc1bdd989fd34f981c7cb57da76485780da9bb975f1333b342

(this sample)
