MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff8c7ac8e68733de6e226beb30886039f388ba28c638d795a5a7ff427e80fbb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RevengeRAT


Vendor detections: 8



SHA256 hash: ff8c7ac8e68733de6e226beb30886039f388ba28c638d795a5a7ff427e80fbb5
SHA3-384 hash: 3d94d771812f5f03895f255cbf6e41eae3e4be01fdd492e72f708c8ede6142afca0771712b56579c2324f98f7a47fb2e
SHA1 hash: f11b2b8d9d11b083468cf445ed1aff154cdd8de5
MD5 hash: caf49a811e4195961bf725e9da3249fa
humanhash: fourteen-crazy-golf-avocado
File name: Wbw6uttM.exe
Signature: RevengeRAT
File size: 24'576 bytes
First seen: 2020-09-15 15:02:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'651 x Formbook, 12'246 x SnakeKeylogger)
ssdeep: 192:Rl5+8Pa9S8kjYTDGgbcp4Llp2SAfF9aEOnryD91ABkGxVXTIqoNGRJ0:Rl5P/jYTDGggpM23fJWyDbAnx/oNV
Threatray: 27 similar samples on MalwareBazaar
TLSH: A4B21909B7DD473AC1BD03BC4DB342256371E5A39A62C70F1CD880EA9D52BD45B60BE8
Reporter: pmelson
Tags: exe Revenge RevengeRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 290
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Using the Windows Management Instrumentation requests
Sending a custom TCP request

Result
Threat name: RevengeRAT
Detection: malicious
Classification: troj.evad
Score: 72 / 100

Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Yara detected RevengeRAT

Behaviour
Behavior Graph:

Threat name: ByteCode-MSIL.Backdoor.RevengeRAT
Status: Malicious
First seen: 2020-09-15 15:04:06 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5

Result
Malware family: revengerat
Score: 10/10
Tags: family:revengerat

Behaviour
Revengerat family

Malware Config
C2 Extraction: 68.183.135.238:333

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RevengeRAT

Executable exe ff8c7ac8e68733de6e226beb30886039f388ba28c638d795a5a7ff427e80fbb5

(this sample)

Comments