MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevengeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761
SHA3-384 hash: e8b439409bb8842e3083138aa86823620493de5695c2d4e4f28d144380287a355174604228eb0601789c847aaf6f20d8
SHA1 hash: 8e3782300572b36e06c1b82460588b7a87f0e391
MD5 hash: 1c50e65f5609414f68d6bf55b2c22253
humanhash: batman-spring-bulldog-zulu
File name:qsVVM0xt.exe
Download: download sample
Signature RevengeRAT
Create hunting rule
File size:51'200 bytes
First seen:2020-03-14 14:28:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 768:r9yvAzclOnLcYKzqy4EZKTZwDmQY/fz/Ujq8TDASqEKkZXtS0efQ2T:aAIlWcYKzqnkDgfzMW8T0oKkZ9ne
Threatray 93 similar samples on MalwareBazaar
TLSH 8D33D9027B475722CA9C51B580EF342503F19BCF5B33D54E2E9C539DAA13393AA4ABC9
Reporter johannes
Tags:RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/qsVVM0xt

Intelligence

File Origin
# of uploads :
1
# of downloads :
287
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6332612-0
Create hunting rule

Win.Trojan.RevengeRAT-6690354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-03-14 18:53:00 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
3764a8690d829b849cc82babfb6dc75a3b6f812e46d3d9535c380c187534094e
RevengeRAT
460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab
RevengeRAT
7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da
RevengeRAT
a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1
RevengeRAT
d74f9f54c19ff7ec1301b84bc72ee2b143c94db7b56c88b4c660cb7abcd7b513
RevengeRAT
d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
RevengeRAT
e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b
RevengeRAT
e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349
RevengeRAT
e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd
RevengeRAT
edcf2ab0937689a7e0475395a8654f874e413649ee63100e61c4d1a8c09ba681
RevengeRAT
+ 83 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/qsVVM0xt

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments