MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 13


SHA256 hash: 8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771
SHA3-384 hash: b980b88c22f92f87ecb920ca18e28c33e0c6b0c2b79df16fcc04a569aa982fbad3265d32b6a90c16299ca655dc184f9b
SHA1 hash: ab597cfc0433999f2032c56fe2c9e17081bcab46
MD5 hash: ae4bd6c5a7eaa50704d43d6054fc5dbd
humanhash: hot-pasta-july-island
File name: Request for Quotation.exe
Signature: RemcosRAT
File size: 246'893 bytes
First seen: 2021-02-23 06:35:02 UTC
Last seen: 2021-02-26 18:09:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ea4e67a31ace1a72683a99b80cf37830
ssdeep: 6144:M11Q0SiA9hfCmuW9e2TA3Hk+B3rUUWISpATi:ziIfCmuWE20kMUISpAO
Threatray: 1'640 similar samples on MalwareBazaar
TLSH: 1034BE2A3ED39C52C8F3D67E2CE5AE31CD4EB4D701718A7EBA4CC62CA1552508D2E15E
Reporter: @GovCERT_CH
Tags: RemcosRAT

Intelligence


File Origin
# of uploads : 10
# of downloads : 44
Origin country : FR
Mail intelligence
Geo location: CH Switzerland
Volume: Low
Geo location: Global
Volume: Low
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %temp% directory
Creating a window
Creating a file
Unauthorized injection to a recently created process
Sending a custom TCP request
Reading critical registry keys
Deleting a recently created file
Creating a file in the %AppData% subdirectories
Sending a UDP request
Setting a global event handler for the keyboard
Stealing user critical data
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: phis.troj.spyw.evad
Score: 100 / 100
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to capture and log keystrokes
Contains functionality to inject code into remote processes
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Detected Remcos RAT
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Yara detected Remcos RAT
Yara detected WebBrowserPassView password recovery tool
Behaviour
Behavior Graph:
Threat name: Win32.Backdoor.Androm
Status: Malicious
First seen: 2021-02-22 23:46:48 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:remcos rat spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Reads user/profile data of web browsers
NirSoft MailPassView
NirSoft WebBrowserPassView
Nirsoft
Remcos
Malware Config
C2 Extraction: 103.89.88.238:4299
Unpacked files
SHA256 hash: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
MD5 hash: fccff8cb7a1067e23fd2e2b63971a8e1
SHA1 hash: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
Detections: win_buer_auto
Parent samples :
SHA256 hash: 093dba961234b0120db11213defde8b6683d8a71729991a7c0f5e16ced375b64
MD5 hash: 479225a4e417132dff3c624dff503520
SHA1 hash: 286b5a97d288d48af94b5c15c4e926c88b28e16d
Detections: win_remcos_g0 win_remcos_auto
SHA256 hash: 1b19112dadf84fcb4d3ba5add2e060bd299253f36e1440a426c59c210e2378c6
MD5 hash: 08592d04958043820a99db4d11b00d6b
SHA1 hash: c321c997e0da5443e7b0a601293526265157449a
SHA256 hash: 8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771
MD5 hash: ae4bd6c5a7eaa50704d43d6054fc5dbd
SHA1 hash: ab597cfc0433999f2032c56fe2c9e17081bcab46
Threat name: Remcos
Score: 0.80

Yara Signatures


Rule name: ach_RemcosRAT
Author: abuse.ch
Rule name: Chrome_stealer_bin_mem
Author: James_inthe_box
Description: Chrome in files like avemaria
Rule name: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer
Author: ditekSHen
Description: detects Windows executables potentially bypassing UAC using eventvwr.exe
Rule name: Keylog_bin_mem
Author: James_inthe_box
Description: Contains Keylog
Rule name: Parallax
Author: @bartblaze
Description: Identifies Parallax RAT.
Rule name: Remcos
Author: JPCERT/CC Incident Response Group
Description: detect Remcos in memory
Rule name: remcos_rat
Author: jeFF0Falltrades
Rule name: REMCOS_RAT_variants
Rule name: win_remcos_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

c8d6289402196eafe107bb03437a71d1fca4c9e379204d03a696b032689cf54a (RemcosRAT)
Executable exe 8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771 (this sample)

Dropped by: MD5 e37abe47d894f5a1259bcefd3cc3998b
Dropped by: SHA256 c8d6289402196eafe107bb03437a71d1fca4c9e379204d03a696b032689cf54a
Dropped by: RemcosRAT
Delivery method: Distributed via e-mail attachment

Comments