MAL_Revenant_Agent_Mar23

Rule Info

Name: MAL_Revenant_Agent_Mar23
Author: MalGamy
Description: Detects a 3rd party agent for the Havoc C2 framework named Revenant
Score: 80
Date: 2023-03-17
Modified: 2023-04-06
Minimum Yara: 1.7
Rule Hash: 152b2de991c62fbc47e1888012e10e1d
Tags: ['FILE', 'MAL']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 21
Suspicious (< 10 engines): 23
Clean (0 engines): 0

Rule Matches

