MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b45741c0c50256480cdffc15bd14a3770d895232c1e482e91f5e298daea023fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	b45741c0c50256480cdffc15bd14a3770d895232c1e482e91f5e298daea023fc
SHA3-384 hash:	03626dff5150234f4b3f01e3afb53c69f128985cd9555f27de7793719c1b502ee535b02405fbda65cb11cecc9a7afba2
SHA1 hash:	9a19afb0f05d4d829c4481913b3da75a4d853282
MD5 hash:	fa6265d2a3ca18c8b123fde2c396e98d
humanhash:	robin-five-oxygen-don
File name:	file
Download:	download sample
File size:	14'848 bytes
First seen:	2020-02-28 07:42:01 UTC
Last seen:	2020-02-28 07:43:22 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep	192:N+8C+EKS0O9ejYTDG8bcp4LlTZyhrIh0V3HiVnb8mZDxJEBkGxVXKkoNi3RJs:NNVjYTDG8gpgwrIhjVgmZDzEnxBoNis
Threatray	50 similar samples on MalwareBazaar
TLSH	0D623B45B7DC0739C5BD47FC0CF242256371E5A39A62DB1F1CE894BA89927C85B20BE8
Reporter	johannes
Tags:	RevengeRAT

viql

revengerat via https://pastebin.com/raw/Wdv9WMXe

Intelligence

File Origin

# of uploads :

# of downloads :

241

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.BackDoor.RevetRat.2.8361.25173.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Rrat

Status:

Malicious

First seen:

2020-01-02 22:01:00 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Verdict:

malicious

21d1f5d2ad4ac80ac110333403909a91fe7094a91dc822400768cf10f8b346ec

23fc02f1e3783ac574850e9f210b8fb54e2a3dd589ed4b0399157e1708457ed1

42e23b5a0fde78a0677c91043c9484aa6a9942fadf7e535a07104ff0dd501cb4

58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933

5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83

6b04a84dd2ff70944c97604447866f11ce23135cafc357293dee242f868c3d22

6f03b44e93301e51660e62609d5a4c0982ecc139317e274c8450834a774a05b4

825de2cce7549059fc092704916dee1401491029efe6ea09fe2c7d51a1c2dabb

862e078bfc94bd32c322e406631fd175e02b13797ded79ba449ea5083b0d7716

+ 40 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b45741c0c50256480cdffc15bd14a3770d895232c1e482e91f5e298daea023fc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample