MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevengeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd
SHA3-384 hash: c206a7e0ae5189d990b32a1ff92194fb065355d6d48e007e7fa4eba45488d6c518f783e1e6969aaaa4dfa3c496350985
SHA1 hash: 1a867c65eb8daa2574346a00900b175c7e414d53
MD5 hash: 5c07f3b62bfdcbb56fd54b33c93e4b81
humanhash: johnny-ceiling-venus-harry
File name:YwY9jygx.exe
Download: download sample
Signature RevengeRAT
Create hunting rule
File size:51'200 bytes
First seen:2020-03-23 12:54:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 768:Pbn8zbrsBOA6Tax2la3VHKjU/jqA3ECfPyktm+WGhCoJ2O7V2T:L8XrAx6Tax2ALq3CfPNtm+N8u2O7
Threatray 94 similar samples on MalwareBazaar
TLSH 8633D851BB474712C66C61BE90EB356023F09BCF1B33E64F2E8C51AD5E223936A45BC9
Reporter johannes
Tags:RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/YwY9jygx

Intelligence

File Origin
# of uploads :
1
# of downloads :
307
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6332612-0
Create hunting rule

Win.Trojan.RevengeRAT-6690354-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-03-24 03:57:40 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=44shq5szbc4e6fio6c36rfopzidybkiqpxtm7am6yvyv63yxtlgq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0ed07cd100c933c766b2183c8c46f913116bc89b2651e22c3dd5a61c06913b7a
RevengeRAT
460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab
RevengeRAT
7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da
RevengeRAT
a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1
RevengeRAT
d74f9f54c19ff7ec1301b84bc72ee2b143c94db7b56c88b4c660cb7abcd7b513
RevengeRAT
d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
RevengeRAT
e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b
RevengeRAT
e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349
RevengeRAT
ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761
RevengeRAT
edcf2ab0937689a7e0475395a8654f874e413649ee63100e61c4d1a8c09ba681
RevengeRAT
+ 84 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/YwY9jygx

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments