MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3cc0e518a0fb7107235a2c3bba1e2cfafe1c2e00b32936732dd6cdb677cb2e90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3cc0e518a0fb7107235a2c3bba1e2cfafe1c2e00b32936732dd6cdb677cb2e90
SHA3-384 hash: ea5d476fd5eb395373e02d9c669368fa3807bbc89d7313f4390547c692c70b0ba6f499bfdce1ed75e1d6e3c4a98afd36
SHA1 hash: 303a02dd7d1ed6bd5c32123209d43017acd7660a
MD5 hash: 7c6754e5cd3caeddfd21ae5817bf3b5d
humanhash: connecticut-burger-beer-mango
File name:H2A_KURT-ATTACHMENTdt.20200615.z
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:414'474 bytes
First seen:2020-06-15 11:53:25 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:8zD51EJ5BoXbZ2kjp7yA0i84KVpgVvTbc:8zD51G5BoXbZ2kl73H84EiVvTQ
TLSH 789423311F8ADF2428D86508421DDC7086A70476F5F99A3F89360AA53887BD4FADFC5E
Reporter abuse_ch
Tags:RAT RemcosRAT z


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: hml04.musian.info
Sending IP: 104.129.0.106
From: Ahmad Sherkawi <a.sherkawi@h2atrading.com.au>
Subject: H2A Trading Pty Ltd - PURCHASE INQUIRY
Attachment: H2A_KURT-ATTACHMENTdt.20200615.z (contains "H2A_KURT-ATTACHMENT#dt.20200615.exe")

RemcosRAT C2:
104.129.0.106:1989

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 11:55:06 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=htaokgfa7nyqoi22fq53uhrm7l7bylqawmutm4zn23g3m56lf2ia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

z 3cc0e518a0fb7107235a2c3bba1e2cfafe1c2e00b32936732dd6cdb677cb2e90

(this sample)

RemcosRAT

Executable exe f67653642f6bf485f584df4fbd546966e16fe413a2d152014dac2b586a656397

  
Dropping
MD5 c7a6f7f3ee6f884921f32e69f551535e
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f67653642f6bf485f584df4fbd546966e16fe413a2d152014dac2b586a656397

Comments