MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01a0edfce737d16102372ac1228f4095a3bdab926ecbccf64b452a4e9972a59a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevCodeRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01a0edfce737d16102372ac1228f4095a3bdab926ecbccf64b452a4e9972a59a
SHA3-384 hash: 31dc0d512bd0da98144766b34dbf578d4793882b2a1f975b6417d3aa18d7eeb31692fa5c5102f80a0205ad256bba5aea
SHA1 hash: 25b34754ee49727301a103f5ff7847d0be527aec
MD5 hash: 6e74ee737021356a410d16ee3f974205
humanhash: spaghetti-oranges-red-sad
File name:JANUARY OVERDUE INVOICE.arj
Download: download sample
Signature RevCodeRAT
Create hunting rule
File size:1'326'850 bytes
First seen:2021-04-07 05:14:48 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 24576:9J1h37I5pBwpmIwbZAOgYpSwrVxPPQVACEBzPvzPe0n4NFceM1n+EakKT1B4hjHG:T3k5gpmXZnJ5xxH2byz3J4NqeM1+EBUT
TLSH A15533C65E018D8F4EFDB02A032653709A80A92865D7CCAF87D4F181B7B5FE35ADC856
Reporter cocaman
Tags:arj INVOICE RevCodeRAT


Avatar
cocaman
Malicious email (T1566.001)
From: "Greg <gkontouzoglou@emproslines.com>" (likely spoofed)
Received: "from ip178.ip-139-99-167.net (ip178.ip-139-99-167.net [139.99.167.178]) "
Date: "6 Apr 2021 17:37:55 -0700"
Subject: "RE: OVERDUE INVOICE"
Attachment: "JANUARY OVERDUE INVOICE.arj"

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/01a0edfce737d16102372ac1228f4095a3bdab926ecbccf64b452a4e9972a59a/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-06 04:26:38 UTC
File Type:
Binary (Archive)
Extracted files:
36
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=agqo37hhg7iwcarxflasfd2aswr33k4sn3f4z5sliuve5glsuwna._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/01a0edfce737d16102372ac1228f4095a3bdab926ecbccf64b452a4e9972a59a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RevCodeRAT

arj 01a0edfce737d16102372ac1228f4095a3bdab926ecbccf64b452a4e9972a59a

(this sample)

RevCodeRAT

Executable exe b4fbe906439597a3d05b94f3a7001069687e598cabc9a82e47d6c43046be10a5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b4fbe906439597a3d05b94f3a7001069687e598cabc9a82e47d6c43046be10a5
  
Dropping
RevCodeRAT

Comments