MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevengeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349
SHA3-384 hash: 2a8b2433d6811903f6c8a7edc5d9704745030c145072ebf29d20262e144da8119f2b9370208585fa84adc8655ca077c5
SHA1 hash: 995db8067499af7e3d17a4b3fc3a75ef8b6262c4
MD5 hash: 18dcf4357bceee397c9695ba081232f5
humanhash: minnesota-fourteen-table-missouri
File name:VmZqzhF1.exe
Download: download sample
Signature RevengeRAT
Create hunting rule
File size:52'224 bytes
First seen:2020-03-28 17:25:36 UTC
Last seen:2020-03-28 17:32:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 768:N0xAzzlOyvfXajqB6UMXV/djQvezMBSDKTVcmu/G/PI01S0JG4C+2T:6AnlL3XajqB6UMXVyeQWKTPue/PIMn
Threatray 98 similar samples on MalwareBazaar
TLSH BB33E90277479712CAAC25B540DF342413F09FCF5B33D6492EAC62ADAA623936E46FC5
Reporter johannes
Tags:RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/VmZqzhF1

Intelligence

File Origin
# of uploads :
3
# of downloads :
343
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6332612-0
Create hunting rule

Win.Trojan.RevengeRAT-6690354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-03-28 17:35:29 UTC
File Type:
PE (Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4rhkmckqg2yvsegiffa4bq5pkf4gq7j5524zksw7tft43az3sneq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
3764a8690d829b849cc82babfb6dc75a3b6f812e46d3d9535c380c187534094e
RevengeRAT
460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab
RevengeRAT
7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da
RevengeRAT
a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1
RevengeRAT
d74f9f54c19ff7ec1301b84bc72ee2b143c94db7b56c88b4c660cb7abcd7b513
RevengeRAT
d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
RevengeRAT
e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b
RevengeRAT
e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd
RevengeRAT
ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761
RevengeRAT
edcf2ab0937689a7e0475395a8654f874e413649ee63100e61c4d1a8c09ba681
RevengeRAT
+ 88 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/VmZqzhF1
  
Link
https://pastebin.com/raw/Bf0NQ9Ld
  
Link
https://pastebin.com/raw/fWbdHjTH

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments