MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 173e76fde66ad8a901bfb5947038c12ce95d9b0b2daa59f2a0fbb17437363fad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevCodeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 173e76fde66ad8a901bfb5947038c12ce95d9b0b2daa59f2a0fbb17437363fad
SHA3-384 hash: cd41075715c744977cbf97b93b794edc26f286e1db600951e4a3ec17409700273529b39623132db00def9c296fc99f37
SHA1 hash: e1850a77b214953649bfc95512278f8a43945e88
MD5 hash: f52257b30cd6a822a71e78c66165e1ef
humanhash: hotel-edward-arizona-august
File name:SWIFT_CONFIRMATION.pdf.z
Download: download sample
Signature RevCodeRAT
Create hunting rule
File size:729'559 bytes
First seen:2020-11-11 14:03:44 UTC
Last seen:2020-11-11 17:11:45 UTC
File type: z
MIME type:application/x-rar
ssdeep 12288:Yz+gzlf8H5uDZwhSo3moSu1gAKIXropv+7uQXR0jXwktPSj:Yz+IqUkSYB1gAKIEsKo06j
TLSH 0EF4332D9DA0F2A3D8346CDEC943470EE5BAB21767B4774CD8A7E17A250A3508E3F161
Reporter GovCERT_CH
Tags:RAT RevCodeRAT

Intelligence

File Origin
# of uploads :
7
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/173e76fde66ad8a901bfb5947038c12ce95d9b0b2daa59f2a0fbb17437363fad/
Threat name:
ByteCode-MSIL.Hacktool.AutoKMS
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 02:36:51 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c47hn7pgnlmksan7wwkhaogbftuv3gylfwvft4va7oyxinzwh6wq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/173e76fde66ad8a901bfb5947038c12ce95d9b0b2daa59f2a0fbb17437363fad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RevCodeRAT

z 173e76fde66ad8a901bfb5947038c12ce95d9b0b2daa59f2a0fbb17437363fad

(this sample)

RevCodeRAT

Executable exe b426493d22cf9ad03bb8958bb2d994119dd6fb014c23855775dd7a9660bb51a9

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b426493d22cf9ad03bb8958bb2d994119dd6fb014c23855775dd7a9660bb51a9
  
Dropping
MD5 b5195ad467ff9fd44a7db0819e2bc96d

Comments