MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33c35775c1a77e3d303005a7b83e93c9e80ca81bdadd90b2e7ec29a4fba30f1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevCodeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33c35775c1a77e3d303005a7b83e93c9e80ca81bdadd90b2e7ec29a4fba30f1c
SHA3-384 hash: b136707d39f1d7434c3cd401ecc9bad3a575767b00c56c56bb74190c20d8a5524f5cacfe164d531707725b45f024f6fa
SHA1 hash: d45196e1401d14f7fe735dd5c07e537f80a42b99
MD5 hash: 6101d1098b4ed39846eb543394ee0861
humanhash: winter-low-king-sodium
File name:tax-relief.pdf.z
Download: download sample
Signature RevCodeRAT
Create hunting rule
File size:401'642 bytes
First seen:2020-12-08 16:43:45 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:kF8yCrpuJpfIr0h6u3dJLmcUCshFiSssmQ0hp:4AuJpfIr0hPaHtrP0r
TLSH 5F84235479528F46961B313222233D7220114D870D90DE6AE3FF9FEC597F395B880E7A
Reporter abuse_ch
Tags:IRS RAT RevCodeRAT z


Avatar
abuse_ch
Malspam distributing RevCodeRAT:

HELO: englam.com.sg
Sending IP: 103.11.189.57
From: IRS <noreply@taxpayers.com>
Subject: TAX RELIEF UPDATES
Attachment: tax-relief.pdf.z (contains "tax-relief.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33c35775c1a77e3d303005a7b83e93c9e80ca81bdadd90b2e7ec29a4fba30f1c/
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 16:44:11 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gpbvo5obu57d2mbqawt3qputzhuazka33lozbmxh5qu2j65db4oa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/33c35775c1a77e3d303005a7b83e93c9e80ca81bdadd90b2e7ec29a4fba30f1c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RevCodeRAT

z 33c35775c1a77e3d303005a7b83e93c9e80ca81bdadd90b2e7ec29a4fba30f1c

(this sample)

RevCodeRAT

Executable exe e2f7e2ca58c527be8332bcea02a3e593eda09429bb30ce5ced6ef26724388f01

  
Dropping
MD5 57927a649b95ccc4cb8374ce308eca41
  
Dropping
RevCodeRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e2f7e2ca58c527be8332bcea02a3e593eda09429bb30ce5ced6ef26724388f01

Comments