MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de35000537e325fd8ed05003a1114b71aa7366f23a6185c9d8133a3793673427. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RevengeRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	de35000537e325fd8ed05003a1114b71aa7366f23a6185c9d8133a3793673427
SHA3-384 hash:	a7558c3b6f881a11ad379fbed0cc456e608356514c31fffb909bfc1097615132e7b453f88043199b0b4e87efff868db8
SHA1 hash:	ef63544e72c8d4cbb75047bdc9504c7a420fd2a7
MD5 hash:	3da06106bf2ae3ced4a95d90600dfb11
humanhash:	twelve-may-harry-carolina
File name:	srrHbKju.exe
Download:	download sample
Signature	RevengeRAT Create hunting rule
File size:	17'408 bytes
First seen:	2020-03-23 20:03:39 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep	192:YVXnf10lFOr1QRoTGe6ZLuM5UYBiVoo/MIPwdcvnbB+jR9nsVVIEyFLu2s2:YVOztRo56Z7oEIPJvnbisVKEyFLu2s2
Threatray	365 similar samples on MalwareBazaar
TLSH	F97219A533F89A12C1FC377D486131295772D79F9A10C76E2AE4A0EBB3233C19944BE5
Reporter	johannes
Tags:	RevengeRAT

viql

revengerat via https://pastebin.com/raw/srrHbKju

Intelligence

File Origin

# of uploads :

# of downloads :

313

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.RevengeRat-6344273-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Revetrat

Status:

Malicious

First seen:

2020-03-23 22:50:18 UTC

AV detection:

29 of 31 (93.55%)

Threat level:

5/5

Verdict:

malicious

RevengeRAT

0f9f2ed3669af8502dfad754d0dc2e7682fe7bc4d0044f7cc3ca61a0e1170d15

RevengeRAT

299af7f15d174ff027a719a08a4fde2d269a5b90e2c2a41eea5fb7769d4b7f5e

RevengeRAT

31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae

RevengeRAT

8eee7183404a9161fbabb05cb5b295649d79e911f1dea7b2abc3929a4d3dd80d

RevengeRAT

b92fe7309b229fc2894d3b10b0a9cd148fb1b4214bffb3b0bd16ef219f21f632

RevengeRAT

dcccd5e29b6209cec0a993bfa4e23c5635bf2edecf3cc3102b12ae1771e33eda

RevengeRAT

df48230380a555ceab5ec604e55d84b862de9f36ba2b0216d3897acde146586e

RevengeRAT

e6eda9918b257e317e921d294b903f9488929fe7ef2efc0955bd141d19e15855

RevengeRAT

f700e2d1915c46ceebc8ed4c2505e3a8f6f23d72f093aef5f1a3e2e50b8b85c2

RevengeRAT

+ 355 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/srrHbKju

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample