MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 561b4e42b2bc0a83fb752b767936dffb8ac08ecc5fd258761438596bedafabc6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 3


SHA256 hash: 561b4e42b2bc0a83fb752b767936dffb8ac08ecc5fd258761438596bedafabc6
SHA3-384 hash: 824abac43908c1719540815d1cc26eeaf044bf506d4f44f672e60befa6c5bbdbd60951240b73d545203014bba54f0795
SHA1 hash: 97dcadc85f324f4c4375f528ff2647749f2d7a8f
MD5 hash: f16c920cc31894915da079db1f6f50c2
humanhash: single-red-papa-delaware
File name: order.ace
Signature: RemcosRAT
File size: 634'617 bytes
First seen: 2020-06-03 09:25:55 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 12288:wOUYgpMUBLF3Fl0Sbc7ccE2hpf/0/F5KNJZlfOeHLVBkOnlkeLshA:wVr7P0ec7ZEyf0kzfOeHoOnl9Q6
TLSH: F3D4336BD3DBE02A763F84A6492050DCB5BF519485E0B71B90C07A58878BEDC38DADF4
Reporter: abuse_ch
Tags: ace RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: vps.signform-pl.me
Sending IP: 45.95.169.216
From: Import Rucca Co.,Ltd <corporate@colonytextiles.com>
Subject: Fwd: Re: Order
Attachment: order.ace (contains "order.exe")

RemcosRAT C2:
www.fiamim.com:2556 (185.19.85.175)

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-03 09:36:08 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  RemcosRAT
    ace 561b4e42b2bc0a83fb752b767936dffb8ac08ecc5fd258761438596bedafabc6 (this sample)
      Dropping RemcosRAT

Delivery method: Distributed via e-mail attachment