MAL_Revenant_Agent_Mar23

Rule Info

Name: MAL_Revenant_Agent_Mar23
Author: MalGamy
Description: Detects a 3rd party agent for the Havoc C2 framework named Revenant
Score: 80
Date: 2023-03-17
Modified: 2023-04-06
Minimum Yara: 1.7
Rule Hash: 152b2de991c62fbc47e1888012e10e1d
Tags: ['MAL', 'FILE']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 20
Suspicious (< 10 engines): 13
Clean (0 engines): 0

Rule Matches


Rule Matches per Month (last 24 months)