MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7c1a65e2a6bf3878bc533b7456775fd91e41ea88df4e1baee624f6fc0776d4c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7c1a65e2a6bf3878bc533b7456775fd91e41ea88df4e1baee624f6fc0776d4c
SHA3-384 hash: 248be4d04d8916a8b9410f1ca5d4195e6f625006f12819f24473e2c6da224e7a37b35fa12268403b2bc30bb08cf17ccb
SHA1 hash: a510e598115e7f15a12cc14383a6ee0c8285cfe5
MD5 hash: 4eb117d50bf42de8aa09ec7569ebaea9
humanhash: tennessee-hydrogen-triple-edward
File name:20201305,pdf.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:352'256 bytes
First seen:2020-05-13 09:46:27 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:oYodtjcf/OSSs7CGIgRzRg752GwwyfynQ8IQd3FMNrM:oNdtjm/OSr5Ie2Z/yaQ8I+sw
TLSH D374AD8AF90055AACD5D43B01632DDB416637C7AA5B0E68C3DCE7CB73BBB7A20411963
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: gofox.pt
Sending IP: 94.46.13.76
From: SACMI VIETNAM CO. LTD. <sacmivn@sacmivietnam.com.vn>
Subject: 주문 문의 #20201305
Attachment: 20201305,pdf.iso (contains "20201305,pdf.exe")

RemcosRAT C2:
godsfavoured.ddns.net

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 04:14:05 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
13 of 31 (41.94%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=27a2mxrknpzypc6fgo3ukz3v7wi6ihvirx2odoxomjhw7qdxnvga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso d7c1a65e2a6bf3878bc533b7456775fd91e41ea88df4e1baee624f6fc0776d4c

(this sample)

RemcosRAT

Executable exe 9c163291baa89e2279a2ab8c2db63f8566b3d0b49bbd3b5254673ad2708b0866

  
Dropping
MD5 726053b1a0320bbb7d4401b7c58571ac
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9c163291baa89e2279a2ab8c2db63f8566b3d0b49bbd3b5254673ad2708b0866

Comments