MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d507ed9c29f7392e025b68e345b59961c392826aaf41a3992dbab7aff0253e6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RemcosRAT
Vendor detections: 4

SHA256 hash: d507ed9c29f7392e025b68e345b59961c392826aaf41a3992dbab7aff0253e6a
SHA3-384 hash: db90948c8549b628d97c5d4a04f12fac49124ac61c784d5f8ff936d48cfa7bb6001effbbd04abccae525e781bdfcd10e
SHA1 hash: cc4e7e636bb1725e9146454b5efa2322f6698056
MD5 hash: 84e0513c6d1e1aa7540d468c195f4fbf
humanhash: jig-ten-july-autumn
File name: UPS.exe
Signature: RemcosRAT
File size: 621,568 bytes
First seen: 2020-06-24 07:00:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 37ec15e12a6a58142524cbf63ac13fd6 (6 x RemcosRAT, 2 x FormBook, 1 x NetWire)
ssdeep: 12288:3ARldIm597ql0ynjNHEJRXZdL38YN2Vf7qWWWy/z:8XHql9njNHE5Z3PN2Jy/z
Threatray: 938 similar samples on MalwareBazaar
TLSH: CCD4AF33F2C08876C57E29B9AD0F45E5951ABE757E18688A3BCC1E4C4FB92913C29193
Reporter: jarumlus
Tags: RemcosRAT

Note that the same imphash also appears on FormBook and NetWire samples in the database, so it is not a family-specific indicator; use it as a pivot to related samples rather than as a Remcos signature.

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-23 17:56:32 UTC
AV detection: 40 of 48 (83.33%)
Threat level: 5/5

Note that the vendor's threat name (Win32.Infostealer.Fareit) does not match the MalwareBazaar signature (RemcosRAT), so the family label should not be taken from the vendor name alone.

Result
Malware family: n/a
Score: 6/10
Tags: evasion spyware trojan
Behaviour:
Suspicious use of WriteProcessMemory
Modifies system certificate store

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Related sample: 4aab4b9004f608cf2c86456896752827774c121f91351a427943657716e1d516
Signature: RemcosRAT
File: Executable exe d507ed9c29f7392e025b68e345b59961c392826aaf41a3992dbab7aff0253e6a (this sample)

Dropped by (MD5): 0a10a13b55e86e6d7e28fb4f910ec3e1
Dropped by (SHA256): 4aab4b9004f608cf2c86456896752827774c121f91351a427943657716e1d516
Delivery method: Distributed via e-mail attachment
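The hashes in this entry are the indicators an analyst actually pivots on: when a file called UPS.exe turns up in a mail gateway quarantine or on a host, the first step is to hash it with every algorithm the entry lists and see whether any digest matches. The script below is an added example written for this page, not MalwareBazaar code; it uses only the Python standard library (hashlib covers MD5, SHA1, SHA256 and SHA3-384; ssdeep, TLSH and imphash need third-party libraries and are left out), and the IOC set is copied from the sample and "Dropped by" rows above. It streams files in chunks so large samples are not read into memory, and treats a hit on only some algorithms as suspicious rather than as a clean match.

```python
import hashlib

# Algorithms that MalwareBazaar lists and that hashlib provides out of the box.
# ssdeep, TLSH and imphash are fuzzy/structural hashes and need their own libraries.
ALGORITHMS = ("md5", "sha1", "sha256", "sha3_384")

# IOC hashes copied from this MalwareBazaar entry: the sample itself (UPS.exe)
# and the two "Dropped by" parents. Keyed by algorithm, all lower-case hex.
KNOWN_BAD = {
    "md5": {
        "84e0513c6d1e1aa7540d468c195f4fbf",  # UPS.exe
        "0a10a13b55e86e6d7e28fb4f910ec3e1",  # parent listed under "Dropped by"
    },
    "sha1": {"cc4e7e636bb1725e9146454b5efa2322f6698056"},  # UPS.exe
    "sha256": {
        "d507ed9c29f7392e025b68e345b59961c392826aaf41a3992dbab7aff0253e6a",  # UPS.exe
        "4aab4b9004f608cf2c86456896752827774c121f91351a427943657716e1d516",  # parent
    },
    "sha3_384": {
        "db90948c8549b628d97c5d4a04f12fac49124ac61c784d5f8ff936d48cfa7bb6001effbbd04abccae525e781bdfcd10e",  # UPS.exe
    },
}


def hash_stream(chunks):
    """Digest an iterable of byte chunks with every algorithm in ALGORITHMS in one pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def hash_bytes(data):
    """Digest an in-memory buffer (handy for mail attachments already extracted)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Digest a file on disk without loading it whole."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def match_iocs(digests, known=KNOWN_BAD):
    """Return {algorithm: digest} for every digest present in the IOC set.

    A hit on any single algorithm is reported. A genuine copy of the sample hits
    on all four; a hit on only one (say MD5) points at a collision or a
    mis-copied IOC and deserves a manual look rather than an automatic verdict.
    """
    return {alg: d for alg, d in digests.items() if d.lower() in known.get(alg, set())}


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        hits = match_iocs(hash_file(path))
        verdict = "MATCH on " + ", ".join(sorted(hits)) if hits else "no match"
        print(f"{path}: {verdict}")
```

Usage: `python ioc_check.py quarantine/UPS.exe`. To extend the IOC set with the other 938 Threatray-related samples, add their digests to the matching set in KNOWN_BAD; the matching logic does not change.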
