RobinCM

Backdoor.RevengeRAT or is it?


This is being detected as a Backdoor.RevengeRAT but I suspect it's just part of the normal operation of an old version of Sage accounts package.

Please can you investigate?

MalwareBytes' actions are causing the Sage application to crash.

Zip password is: password

Quarantine.zip


Now attached with no password (I'd assumed that without a password MalwareBytes on my desktop PC would just immediately quarantine the file inside the zip...)

no_password.zip


I sent the hash to VirusTotal and nothing was found.

Is there a rough ETA (or SLA) for some kind of response on this? I am a paying customer of MalwareBytes Business.

Thanks.


Thanks.

Do you want me to upload any of the other affected DLLs? They're all showing the same malware, all have similar names and all sit in the same folder.


Sure, please zip & send a couple others so we can be sure the fix in progress will work for those files as well.

Thank you,


Thank you. 
It is going to take another update to fix detection on one of the files in the set you just sent. I'll push that out once this update is done.


Database update is out for the first file you submitted
MBAM2 Version: v2019.10.07.20
MBAM3 Version: 1.0.12797

Next update is in progress.
