MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a885123d4775b10997b2084320e3f71f1b72e1d232c6d60f4fc71cf205c118e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RevCodeRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a885123d4775b10997b2084320e3f71f1b72e1d232c6d60f4fc71cf205c118e
SHA3-384 hash: 1fed3ae3bc5aba3f0bf0380fabb61d8509d766ed77bc19d460a742e9c984553b65fd5a8155824078cc4fe155d9cbd283
SHA1 hash: 930f8bbfd58cb2d4f841a543af9a7ae9118146c6
MD5 hash: 88ff0d2103694ccae52113c83da12c5e
humanhash: neptune-don-lemon-golf
File name:STATEMENT OF ACCOUNT.LZH
Download: download sample
Signature RevCodeRAT
Create hunting rule
File size:680'210 bytes
First seen:2020-10-23 06:46:30 UTC
Last seen:2020-10-23 12:48:52 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:typB4Fu+yN/xCWEGW+qKedKaorNM3v07PsGUXzYDyyZBTFUFOb57por/SFMmUUk1:Nw+WxfEGW+jedcNM3ikGAyXFUF057WrZ
TLSH 0BE423AB1B6A27D53128465F2634F36B8169F4D43002DB7A6B75600BBAC0FF4BC294DC
Reporter abuse_ch
Tags:lzh RAT RevCodeRAT


Avatar
abuse_ch
Malspam distributing RevCodeRAT:

HELO: [131.153.18.91]
Sending IP: 131.153.18.91
From: akshj@aikah.com
Subject: RE: SOA
Attachment: STATEMENT OF ACCOUNT.LZH (contains "STATEMENT OF ACCOUNT.exe")

Intelligence

File Origin
# of uploads :
5
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8a885123d4775b10997b2084320e3f71f1b72e1d232c6d60f4fc71cf205c118e/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-23 01:26:16 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rkefci6uo5nrbgl3eccdedr7ohy3olq5emwg2yhu7ry46ic4cgha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RevCodeRAT

rar 8a885123d4775b10997b2084320e3f71f1b72e1d232c6d60f4fc71cf205c118e

(this sample)

RevCodeRAT

Executable exe fe2f20398cff7bea0e10e10940e0936e2525ba8dba51263387f1b1d82d8b1aea

  
Dropping
MD5 78a70040da50e0e1f29bb1e6690fbf87
  
Dropping
RevCodeRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fe2f20398cff7bea0e10e10940e0936e2525ba8dba51263387f1b1d82d8b1aea

Comments