MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dc4b40e172511950b2dbfc92eda71029f090c1f8ddbbe89921f5c49ee92f59d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0dc4b40e172511950b2dbfc92eda71029f090c1f8ddbbe89921f5c49ee92f59d
SHA3-384 hash: d278c2b5bbae5d27c1f8acd14c825092cfc572748c02882bf6990aeab1441451e5b89d7d6b5b534792f6e91276d3dfd3
SHA1 hash: b31c56045109fafabe403537e60647361a8ab4ca
MD5 hash: fd65ad955ceb50ef41e385c88d751dc8
humanhash: sierra-sweet-two-mirror
File name:POEA MEMORANDUM NO. 62-2020 ON ACCREDITATION OF AGENCIES.PDF.lzh
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:855'885 bytes
First seen:2020-08-27 05:37:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:qF6F7WVL19KoKskkVHV2I+b3UACOTbQR4sOb+CdJlG/W/D5SM7gMISy3Fq5:lqFKVk1V2nDoOnYUbVM+/DEM7ER3q
TLSH 790523D25D8E6F45C089B18151CC97E7A57BC0EB309FC8C9CD0793BBA69AC19919B2B0
Reporter abuse_ch
Tags:lzh RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: sd.latticesystems.com
Sending IP: 96.44.130.88
From: POEA MANILA <info1@poea.gov.ph>
Subject: POEA MEMORANDUM NO. 62-2020 ON ACCREDITATION OF AGENCIES
Attachment: POEA MEMORANDUM NO. 62-2020 ON ACCREDITATION OF AGENCIES.PDF.lzh (contains "POEA MEMORANDUM NO. 62-2020 ON ACCREDITATION OF AGENCIES.PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0dc4b40e172511950b2dbfc92eda71029f090c1f8ddbbe89921f5c49ee92f59d/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-27 05:38:07 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bxclidqxeuizkcznx7es5wtrakpqsda7rxn35cmsd5oet3us6woq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0dc4b40e172511950b2dbfc92eda71029f090c1f8ddbbe89921f5c49ee92f59d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 0dc4b40e172511950b2dbfc92eda71029f090c1f8ddbbe89921f5c49ee92f59d

(this sample)

RemcosRAT

Executable exe 86c92d4b2244153a1f601168307d0c60f413631574d9c0ed3fe4c6fa890d6c26

  
Dropping
MD5 6a8addc2fd26cab55567eba884e377d5
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 86c92d4b2244153a1f601168307d0c60f413631574d9c0ed3fe4c6fa890d6c26

Comments