MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7591de23716213b91b413dea239ead6d79cda956de4c80d164df6f194c3f2b32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7591de23716213b91b413dea239ead6d79cda956de4c80d164df6f194c3f2b32
SHA3-384 hash: 6f1d2cefa041143dc9d31febebb168774469d0d1a8ba2d0aab025f21e6d1faac812dfc9d0a8f568d7114b4a820debba1
SHA1 hash: 3e1793cde60c79f504440029c11888dad3f07210
MD5 hash: 9f0617a97269e590c884ca8e01ca7471
humanhash: nuts-virginia-mexico-oregon
File name:Emneurope - revised purchase order.z
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:221'004 bytes
First seen:2020-06-17 05:57:02 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:cEIA25CAupFBuFWrUJHlZhksyQMvVCo8kE9FeB:XqCAMPI3VlrHtkE9K
TLSH 1C24237EA33BDDE9F412A6EB575B87786119098084B5D03B24E41C961C3A58F3CF8EC6
Reporter abuse_ch
Tags:RAT RemcosRAT z


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: hml04.musian.info
Sending IP: 104.129.0.106
From: Daan Lucas <chung.tran@dacloc.com>
Subject: Pls note - Revised purchase order
Attachment: Emneurope - revised purchase order.z (contains "Emneurope - revised purchase order.exe")

RemcosRAT C2:
104.129.0.106:1989

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=owi54i3rmij3sg2bhxvchhvnnv443kkw3zgibule35xrstb7fmza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

z 7591de23716213b91b413dea239ead6d79cda956de4c80d164df6f194c3f2b32

(this sample)

RemcosRAT

Executable exe aad53b1b6e50e7ee426f0790b5497cb7d63704a6775248f258db1263762761bb

  
Dropping
MD5 cdc6e1d774fe26e090914e1ab9c1ba82
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aad53b1b6e50e7ee426f0790b5497cb7d63704a6775248f258db1263762761bb

Comments