MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c94cfe575a8deaaf75026d5f13d7cbe7b79a3449f4e00c9935f0b5f49cd33974. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 2

SHA256 hash: c94cfe575a8deaaf75026d5f13d7cbe7b79a3449f4e00c9935f0b5f49cd33974
SHA3-384 hash: dd81a6d22585d5783d9c2bb01431d6eb01a2b5bbe36896728ef71ba93d34a2a0946547788d9b983f602be53bae744a70
SHA1 hash: 159d3144128e8cf399fe0708e0df0bedb7e30760
MD5 hash: 28898f0a4e59b4f755fc1b5a3f849e4b
humanhash: sad-pasta-speaker-massachusetts
File name: Solicitud de oferta 6100003768,pdf.iso
Signature: RemcosRAT
File size: 1'314'816 bytes
First seen: 2020-05-21 19:26:40 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:+cxpdRIs2lc1FjLaotEnvkd3OOiAiLEnsan6EriI3:+cVf2cEvs36856K3
TLSH: 86559F22F3D18937C1222B799C1BA2B9582ABF503D2868877FE87D4C5F357913829197
Reporter: abuse_ch
Tags: iso RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: fenix.gigabits.cl
Sending IP: 186.67.77.198
From: battista <battista@imestre.cl>
Subject: Solicitud de oferta 6100003768
Attachment: Solicitud de oferta 6100003768,pdf.iso (contains "Solicitud de oferta 6100003768,pdf.exe")

RemcosRAT C2:
ifeanyiogbunebe.ddns.net:1965 (185.244.30.17)

Pointing to nVpn:

% Information related to '185.244.30.0 - 185.244.30.255'

% Abuse contact for '185.244.30.0 - 185.244.30.255' is 'abuse@FOS-VPN.org'

inetnum: 185.244.30.0 - 185.244.30.255
netname: Freedom_Of_Speech_Foundation_Hungary
remarks: Budapest, Hungary
country: HU
org: ORG-FOSF3-RIPE
admin-c: FOSF1-RIPE
tech-c: FOSF1-RIPE
status: ASSIGNED PA
mnt-by: FOS-VPN-MNT
created: 2019-10-29T14:10:27Z
last-modified: 2020-04-06T19:58:39Z
source: RIPE

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Remcos
Status: Malicious
First seen: 2020-05-21 17:10:16 UTC
File Type: Binary (Archive)
Extracted files: 46
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
RemcosRAT
iso c94cfe575a8deaaf75026d5f13d7cbe7b79a3449f4e00c9935f0b5f49cd33974 (this sample)
Dropping RemcosRAT
Delivery method: Distributed via e-mail attachment

Comments