MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9507f342e1d1b97e33c8a4738dea70f502296d37581bc6270ccf56f15e05f22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevengeRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d9507f342e1d1b97e33c8a4738dea70f502296d37581bc6270ccf56f15e05f22
SHA3-384 hash: 4ad34d282bac03e31871069d7736e6e684fd80570a1324398d41b417f70e401f2e8493d4865699d3e9eebe6024080eb9
SHA1 hash: ec8e7879ad9ebf55c34211e96ea0767bf28f2054
MD5 hash: c2e1ba0f582c7fc12e31e23cc9e489c7
humanhash: louisiana-helium-butter-pennsylvania
File name:Quotation 01521.img
Download: download sample
Signature RevengeRAT
Create hunting rule
File size:897'024 bytes
First seen:2021-01-05 07:29:17 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:YS7/DxvkrhDdyquS7xY+kbB44daFa7XIEk9RC9uT0mSAQdP:F7cIqh7x78B4urLIvpT0mSAQdP
TLSH A2150782EA418572C467A131137DBE190B05EEF5316CDB1408DCBC177E6AB8D3B9AE63
Reporter abuse_ch
Tags:img RAT RevengeRAT


Avatar
abuse_ch
Malspam distributing RevengeRAT:

HELO: pop1.ocnk.net
Sending IP: 210.224.191.16
From: Abdullakhan Huerta <abdullakhan@sigmalabels.ae>
Reply-To: abdullakhan@sigmalabels.ae
Subject: New ORDER Ref..#01521
Attachment: Quotation 01521.img (contains "Quotation #01521.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'442
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis73619A5F7EAB.9017.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d9507f342e1d1b97e33c8a4738dea70f502296d37581bc6270ccf56f15e05f22/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3fih6nbodunzpyz4rjdtrxvhb5icffwtowa3yytqzt2w6fpal4ra._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d9507f342e1d1b97e33c8a4738dea70f502296d37581bc6270ccf56f15e05f22

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RevengeRAT

img d9507f342e1d1b97e33c8a4738dea70f502296d37581bc6270ccf56f15e05f22

(this sample)

RevengeRAT

Executable exe 7a538b979c2a126fb287ed7bbb18ac55687273dfbac2c09de85f073c9bf5e3df

  
Dropping
MD5 73619a5f7eab7a80e0fbbd5c8493c9b4
  
Dropping
RevengeRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7a538b979c2a126fb287ed7bbb18ac55687273dfbac2c09de85f073c9bf5e3df

Comments