MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a6380f1e8e3757960f8dcd78ee53f14b375ae840220a80c904494f346b48e8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: 3a6380f1e8e3757960f8dcd78ee53f14b375ae840220a80c904494f346b48e8a
SHA3-384 hash: cbc6d3494f34ab411c59e8150d5f68f5518233332d5b44be59860834684c63c6cf26d01b22ee625adf9fb07fecebc7d5
SHA1 hash: c6a7139a35d38f82d23ca04fa5315ab4ab76b5aa
MD5 hash: 337d13e25454333069c18c54470990a6
humanhash: dakota-stairway-jig-finch
File name: Shipment Schedule July 2020.zip
Signature: RemcosRAT
File size: 712'436 bytes
First seen: 2020-07-03 06:33:32 UTC
Last seen: 2020-07-03 06:33:50 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:jpIiAZK9cq3gR8zk85J6lRf+H+0GFEE9FRlh4ZNVLSMkyHb+dYn4/A/H4x:jpIH/agMkCJ6bkuFEil6LSMDCanUA/Yx
TLSH: E7E423EB82A042FED0428E9FF85A935AD31E223ECC02468F6B773559D9C254DE1C6357
Reporter: abuse_ch
Tags: RAT RemcosRAT zip


abuse_ch
Malspam distributing RemcosRAT:

HELO: mail.befactto.ml
Sending IP: 45.147.162.87
From: Amy Chen/UFL - TPE <admin@befactto.ml>
Subject: Shipment Schedule (July 2020)
Attachment: Shipment Schedule July 2020.zip (contains "SA00141820 - DRAFT HBL.scr")

RemcosRAT C2:
188.72.124.143:2855

% Information related to '188.72.124.0 - 188.72.124.255'

% Abuse contact for '188.72.124.0 - 188.72.124.255' is 'tech.support@systeam.pk'

inetnum: 188.72.124.0 - 188.72.124.255
netname: PureVPN-NET
org: ORG-GSL32-RIPE
country: DE
admin-c: ACRO28245-RIPE
tech-c: ACRO28245-RIPE
status: ASSIGNED PA
mnt-by: leadertelecombv-mnt
created: 2014-08-02T06:49:29Z
last-modified: 2020-04-06T12:03:24Z
source: RIPE

Intelligence


File Origin
# of uploads: 2
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-07-03 06:35:06 UTC
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 3a6380f1e8e3757960f8dcd78ee53f14b375ae840220a80c904494f346b48e8a (this sample)

Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
