MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1e60654c8ec10842163c0b57224f1bbdbb9536dcd86da916a5d16379a08c7a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT
Vendor detections: 7
SHA256 hash: b1e60654c8ec10842163c0b57224f1bbdbb9536dcd86da916a5d16379a08c7a9
SHA3-384 hash: a247fc216c756674a400437d8861e5a54185130bddbc3de84ba7e4a23906a643208da1012453c3d4f666533737aeaa56
SHA1 hash: fab8246f1f5f6dcbc85de710547f0c173094a2cf
MD5 hash: 0db1d8ddc6eeb74965961de3258d83c4
humanhash: quebec-comet-helium-vegan
File name: 0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e.zip
Signature: RevengeRAT
File size: 45,146 bytes
First seen: 2023-10-05 05:59:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password-protected archive. The password is: infected
ssdeep: 768:A6l48NHfsyokMU7GfyldygaVTQrJTaI3LRUlQuWEy91WhB3WUfKfPo4aeAix:AUuyoTUyfcA5VTQNW+N3JEy91Wf3WUob
TLSH: T16313F11F8C61FBB995BC5F179A48A1BA91A90D9E63C0D409DB3DB5E1780CD6EE81C130
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: Anonymous
Tags: RevengeRAT, zip

Intelligence


File Origin
Uploads: 1
Downloads: 128
Origin country: AU
File Archive Information

This archive contains 1 file:

File name: 0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e
File size: 108,032 bytes
SHA256 hash: 0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e
MD5 hash: 278d1b8f1f5d8ec25f5a0714b35fbe40
MIME type: application/x-dosexec
Signature: RevengeRAT
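Added example, not part of the MalwareBazaar entry: a Python check that verifies a downloaded archive of this shape against the hashes listed above (outer zip SHA256, inner file SHA256 and MD5, the convention that the member is named after its own SHA256, and an MZ header consistent with application/x-dosexec) while hashing the member as a stream so the payload never lands on disk. The LISTED_* constants carry the values from this entry; hash_stream, verify_sample_archive, build_constructed_archive and demo are names chosen here. The zip built by build_constructed_archive() is a constructed stand-in with an MZ header, not the sample; the stdlib zipfile module reads ZipCrypto archives when given pwd=b"infected" but cannot write them, so the stand-in is unencrypted.

```python
"""Check a MalwareBazaar-style sample archive against listed hashes without
writing the payload to disk. Added example; hashes below are copied from the
entry, the zip built by build_constructed_archive() is a constructed stand-in."""
import hashlib
import io
import zipfile

# Hashes as listed on this MalwareBazaar entry.
LISTED_OUTER_SHA256 = "b1e60654c8ec10842163c0b57224f1bbdbb9536dcd86da916a5d16379a08c7a9"
LISTED_INNER_SHA256 = "0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e"
LISTED_INNER_MD5 = "278d1b8f1f5d8ec25f5a0714b35fbe40"
ARCHIVE_PASSWORD = b"infected"          # password stated in the entry's Note field
MAX_MEMBER_BYTES = 64 * 1024 * 1024     # refuse to inflate more than this (decompression-bomb guard)


def hash_stream(fh, limit=MAX_MEMBER_BYTES, chunk=1 << 16):
    """Stream a member through SHA256/MD5; return (sha256, md5, first two bytes, size).
    Hashing the stream means the payload never touches the filesystem."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    head, total = b"", 0
    while True:
        block = fh.read(chunk)
        if not block:
            break
        total += len(block)
        if total > limit:
            raise ValueError("member exceeds %d bytes; possible decompression bomb" % limit)
        if not head:
            head = block[:2]
        sha256.update(block)
        md5.update(block)
    return sha256.hexdigest(), md5.hexdigest(), head, total


def verify_sample_archive(archive_bytes, expected_outer_sha256,
                          expected_inner_sha256, expected_inner_md5,
                          password=ARCHIVE_PASSWORD):
    """Return a report dict: does the outer zip match, and does its single member
    match the listed inner hashes, the name-is-SHA256 convention and an MZ header."""
    report = {
        "outer_sha256_ok": hashlib.sha256(archive_bytes).hexdigest() == expected_outer_sha256,
        "members": [],
    }
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                # zipfile decrypts ZipCrypto members with pwd=; pwd is ignored for
                # unencrypted members. AES-encrypted zips raise NotImplementedError.
                with zf.open(info, pwd=password) as fh:
                    sha256, md5, head, size = hash_stream(fh)
            except (RuntimeError, ValueError, NotImplementedError) as exc:
                report["members"].append({"name": info.filename, "error": str(exc)})
                continue
            report["members"].append({
                "name": info.filename,
                "size": size,
                "declared_size_ok": size == info.file_size,         # central directory vs. actual
                "name_is_sha256": info.filename.lower() == sha256,  # MalwareBazaar naming convention
                "sha256_ok": sha256 == expected_inner_sha256,
                "md5_ok": md5 == expected_inner_md5,
                "has_mz_header": head == b"MZ",                     # consistent with application/x-dosexec
            })
    members = report["members"]
    report["ok"] = (report["outer_sha256_ok"] and len(members) == 1
                    and all(m.get("sha256_ok") and m.get("md5_ok") for m in members))
    return report


def build_constructed_archive():
    """CONSTRUCTED stand-in: an MZ-headed blob, not the real sample. The stdlib
    cannot write ZipCrypto, so this zip is unencrypted; the real archive is not."""
    payload = b"MZ" + b"\x90" * 62 + b"constructed stand-in, not malware"
    name = hashlib.sha256(payload).hexdigest()   # member named after its own SHA256, as on the entry
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue(), name, hashlib.md5(payload).hexdigest()


def demo():
    """Verify the constructed archive against its own hashes (expected to pass)."""
    archive, inner_sha256, inner_md5 = build_constructed_archive()
    return verify_sample_archive(archive, hashlib.sha256(archive).hexdigest(),
                                 inner_sha256, inner_md5)


if __name__ == "__main__":
    print(demo())
    # Against the hashes listed for the real sample the stand-in must fail:
    archive, _, _ = build_constructed_archive()
    print(verify_sample_archive(archive, LISTED_OUTER_SHA256,
                                LISTED_INNER_SHA256, LISTED_INNER_MD5)["ok"])
```

For the real download, read the zip bytes from disk and call verify_sample_archive with the three LISTED_* constants; a False outer_sha256_ok means the file you fetched is not the one this entry describes, and a member whose name does not equal its SHA256 breaks the MalwareBazaar convention and deserves a second look before any analysis. If the archive turns out to be AES-encrypted rather than ZipCrypto, the stdlib raises NotImplementedError and a third-party reader such as pyzipper is needed.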
Vendor Threat Intelligence

Result
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm, control, evasive, lolbin, packed, rat, replace, shell32

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary; depending on context, the presence of a binary is suspicious or malicious.

Result
Malware family: revengerat
Score: 10/10
Tags: family:revengerat, botnet:guest, stealer
Behaviour: Suspicious use of AdjustPrivilegeToken
Malware config, C2 extraction: 127.0.0.1:1177 (a loopback address, so this is not a routable indicator and is of no use for network hunting or blocking)

Please note that a coverage score for VirusTotal can no longer be provided.

File information

This section lists additional information about the sample, such as delivery method and external references, where it has been recorded; none is shown for this entry.

Comments