MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6471e27525e0c5fb223331a86aa2b18c2f9fb334e5364a90ff4bee428f40e018. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6471e27525e0c5fb223331a86aa2b18c2f9fb334e5364a90ff4bee428f40e018
SHA3-384 hash: ca7dc0f03ba10cd3b7a72a6aa80fbfbd1fa1ad61d1eca06d1b81f77c73a1cf69f9b5883481f247c7dd698baad015b336
SHA1 hash: 8b7c2991196192d58d796f6a70fcd8142f7fd898
MD5 hash: b2483282476ee4c1226941e494205fb1
humanhash: lima-louisiana-emma-dakota
File name:SEND ME BEST OFFER FOR AUTOPARTS.rar
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:227'987 bytes
First seen:2020-05-25 12:37:03 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:kol7a1esXM/iRmjf+Qu5vxrgOHORb6tkVNsAuYKF//1:T8pnhqOMb6kMf3
TLSH 582422F727A4329E84C2CDE2263DBE4E89DB6E823570A3E487CDD53F095E048C982D55
Reporter abuse_ch
Tags:rar RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: llsk281-a17.servidoresdns.net
Sending IP: 82.223.190.12
From: administracion <administracion@copiadorashuesca.com>
Subject: INQUIRY FOR AUTO PARTS
Attachment: SEND ME BEST OFFER FOR AUTOPARTS.rar (contains "SEND ME BEST OFFER FOR AUTOPARTS.exe")

RemcosRAT C2:
servr.killifabuse1.xyz:8643 (172.94.49.180)

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 13:36:51 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 6471e27525e0c5fb223331a86aa2b18c2f9fb334e5364a90ff4bee428f40e018

(this sample)

RemcosRAT

Executable exe 24ba43e08e645a71b01db7cd77883fd1aa4c21e834f45c4f690768ed28c23552

  
Dropping
MD5 a2d9e8144dc7945c0e187285f9648030
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 24ba43e08e645a71b01db7cd77883fd1aa4c21e834f45c4f690768ed28c23552

Comments