MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096
SHA3-384 hash:	9946456871ef4a477595dad004b152530364826c255367401e7952d663492f9a867e7bd9ee0da9253dd3d955d9e9fa33
SHA1 hash:	e15233a69c32761d8ad0e293ce1ed2e1162d5647
MD5 hash:	fc8f4e31d85e796c1efe9b0fabeed23a
humanhash:	jersey-single-bravo-football
File name:	file
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	16'896 bytes
First seen:	2020-02-28 01:13:26 UTC
Last seen:	2020-02-28 01:15:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'737 x AgentTesla, 19'596 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	384:sxF6Mj9VnRq2Rj9oM+bYO+4kr9oDPlMNcLlb5sVKdyS5Ct:sxF6Mj9V5bDclMNE9o
Threatray	61 similar samples on MalwareBazaar
TLSH	A872099777F4AA22C0BD23BC542661256B75834FD610CB5E19D880FBF7A33C1AAC42C1
Reporter	johannes
Tags:	RevengeRAT

viql

revengerat via https://pastebin.com/raw/LLHBn54Q

Intelligence

File Origin

# of uploads :

# of downloads :

244

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.RevengeRat-6344273-0

Win.Malware.Zusy-6804067-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Revengerat

Status:

Malicious

First seen:

2020-01-13 21:33:00 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

2/5

Verdict:

malicious

RevengeRAT

0f0ad0df89b895ae4e7ad72b7d6bbea015fe566fe98b577553cb95cd3fb96766

RevengeRAT

291bf31470c9bcacec467c980adb7a3d111ebb6b72cf07147884a7eae5cabde9

RevengeRAT

31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae

RevengeRAT

61772167a95f7d7eb84337c06144cbba21b88b0ace8ef24d59426c7a50e6acc6

RevengeRAT

6ebe2626d66a590a572cca546c2b1c472f5e1b7db26f89cc8f6f073125fe82c5

RevengeRAT

8efd6f95c39e86627b1f9cc553fa7bed152dbf4788662bee15d3b5bdf0c1b79e

RevengeRAT

b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632

RevengeRAT

c7bf30d34e0e14112c582d3b55aafabdfb00f563be001f3e1ab4e5d04b5c0271

RevengeRAT

d9a9a7ab99db0946ecb0f5f398eddd0d820ffbde0105164064e168f1ea73ba26

RevengeRAT

+ 51 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-wz3bg5xete/

Behaviour

Suspicious use of AdjustPrivilegeToken

Malware Config

C2 Extraction:

127.0.0.1:90

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample