MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7adaa2ece539a6b3a01060e92ad910a7e8983e6325d72dadb257d7085f28ce81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	7adaa2ece539a6b3a01060e92ad910a7e8983e6325d72dadb257d7085f28ce81
SHA3-384 hash:	6ddf466bd57a341cf8a9101b0fef708e96347024f0401261b06672591002a0669561ce492a41e209c914bded37bfaa89
SHA1 hash:	d7584d324eac7693090f06d07cf8708b9d5e6eff
MD5 hash:	c15718ee640686215d871212f87efcbb
humanhash:	coffee-louisiana-hotel-alanine
File name:	ORDEZTECH202067.zip
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	142'344 bytes
First seen:	2020-07-06 06:40:08 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	3072:n0Fj8HsRQ1gU6VYxSu0XrW+3BquSOwyh+c8Lb0HRkrBhvrDGFq8:n0Fg9hgbN3qOQbS2rB1Kn
TLSH	A3D312C2289E21EF4842F6DC898E2B575EF505663271930FC5746E7C2FE868C1F6911B
Reporter	abuse_ch
Tags:	RAT RemcosRAT zip

abuse_ch

Malspam distributing RemcosRAT:

HELO: bosmailout04.eigbox.net
Sending IP: 66.96.185.4
From: Khan Industries <abdul.kader@vahlemiddleeast.cf>
Reply-To: exportscoin@gmail.com
Subject: Re:Ztech Order 2020.07.05 invoice requested
Attachment: ORDEZTECH202067.zip (contains "ORDEZTECH202067.exe")