MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38e6f096971a56f5f266ae4166ef056514accb1c3d0b2744e2e77c82ae4e2424. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38e6f096971a56f5f266ae4166ef056514accb1c3d0b2744e2e77c82ae4e2424
SHA3-384 hash: 809ab38efb52b9b1d81f70ac8fe3d15dc2d0de064eeb5c3cae231e74d9d10bcca75831890ed4b135c6220a8ef9ce506a
SHA1 hash: 3a3f945716fba9a915c46cf7058f9fb00196e7f9
MD5 hash: 6d52710d583ac0985a30cda5f5e74fbf
humanhash: music-montana-edward-bulldog
File name:invoice0980.z
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:433'330 bytes
First seen:2020-05-03 12:29:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:JSF3w0QOSs/r1OYNxRvUjLain8QgZ97XKtQzyev6QMM:QF3Ks1OYdMain8QO9jKq2ev6S
TLSH 0B94235714F9834F2C9CFA7ADB4208CE809DEFF14E2971D38EA829B645B25D1ED02E54
Reporter abuse_ch
Tags:RemcosRAT z


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: mono.avnam.net
Sending IP: 190.210.186.210
From: Tanrikulu <pazarlama@tanrikulu.com.tr>
Reply-To: ngelescontreras@ancobombas.com, pazarlama@tanrikulu.com.tr
Subject: Re: Invoice.
Attachment: invoice0980.z (contains "invoice0980.exe")

RemcosRAT payload URL:
https://paste.ee/r/dRcn0

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23810.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Povertel
Create hunting rule
Status:
Malicious
First seen:
2020-05-03 12:35:29 UTC
File Type:
Binary (Archive)
Extracted files:
23
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hdtpbfuxdjlpl4tgvzawn3yfmukkzsy4hufsorhc456iflsoeqsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 38e6f096971a56f5f266ae4166ef056514accb1c3d0b2744e2e77c82ae4e2424

(this sample)

RemcosRAT

Executable exe b55bd6825fe91af7f39a6db95cc72d531fae8edf94266dfcbf82d44fcf1e67c7

  
URLhaus
https://urlhaus.abuse.ch/url/356587/
  
Dropping
MD5 4bb65ed867616cbf443424042a82df43
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b55bd6825fe91af7f39a6db95cc72d531fae8edf94266dfcbf82d44fcf1e67c7

Comments