MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16435e63718eb63e34245e94841c47fef3a10776c09fcab8956c3d7dd60c1804. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16435e63718eb63e34245e94841c47fef3a10776c09fcab8956c3d7dd60c1804
SHA3-384 hash: 0a18dcd368757a014ae8852e15546e8ed622a2ba8eecfd8ad2419f45ea7e8b654ab9a43be58d1b1f0f29c9a0a33ba414
SHA1 hash: 973139405d3454c1e26b94e5d22179ad8fd4586d
MD5 hash: 8768cf53dce45f0e54f8c6ff4781a211
humanhash: carbon-xray-autumn-magazine
File name:PO21-4574.IMG
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-23 13:25:02 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:LARldIm597ql0ynjNHEJRXZdL38YN2Je7qWWWy/z:4XHql9njNHE5Z3PN2My/z
TLSH 8945AF33F2C08876C57E29B9AD0F45E5961ABE757E18A44A3BCC1E4C4FBD2913C29193
Reporter abuse_ch
Tags:img RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: cloudhost-433778.us-west-1.nxcli.net
Sending IP: 173.249.144.98
From: IZABELLE <info@gbp-international.com>
Subject: PO#21-23062020-Urgente
Attachment: PO21-4574.IMG (contains "PO#21-4574,pdf.scr")

RemcosRAT C2:
206.123.129.103:4565

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/16435e63718eb63e34245e94841c47fef3a10776c09fcab8956c3d7dd60c1804/
Threat name:
Win32.Trojan.DelfInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-23 13:26:05 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=czbv4y3rr23d4nbel2kiihch73z2cb3wycp4voevnq6x3vqmdaca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img 16435e63718eb63e34245e94841c47fef3a10776c09fcab8956c3d7dd60c1804

(this sample)

RemcosRAT

Executable exe 09394473fc2c076486970d70011c480439b9e799be2966197e1d35bb9ee7b506

  
Dropping
MD5 190d1afd030d80e7b449ad78e97d8cb7
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 09394473fc2c076486970d70011c480439b9e799be2966197e1d35bb9ee7b506

Comments