MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb27f7097ab6f702e66460fde19766b38f3a2668996fdbe5767458694f8cb279. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb27f7097ab6f702e66460fde19766b38f3a2668996fdbe5767458694f8cb279
SHA3-384 hash: 4720d32cc4a3bd19023a38217acbc955495b49e44cb64c004aa396904bf58b57dc766b3b0de268d21efc5c1db4b8c55b
SHA1 hash: 0ddbb0d137f96a02d0e668104c8f95f50995684e
MD5 hash: c3882978331ee6c17d60010258a6fb2d
humanhash: asparagus-romeo-diet-eight
File name:Invoice Order.rar
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:758'007 bytes
First seen:2020-06-28 16:08:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:DR2bUGmcwpl1erdiW+S7flsyUvCreNf9E5R8ELJdPDDO0M1iSY1W1vs6IidoBO8L:sbUGmJpl1MRfuyyIeI0iDDlM/OWvIPOi
TLSH 57F423D2F1355962496A6DBF679378804AA1CA005BD08CB785BF49078F610BFE37D0BD
Reporter abuse_ch
Tags:rar RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: scrilozx.xyz
Sending IP: 5.206.227.135
From: Fred Kuy <fredneilq@gmail.com>, TRADING@scrilozx.xyz, COMPANY@scrilozx.xyz
Subject: ORDER REFERENCE FOR CONFIRMATION
Attachment: Invoice Order.rar (contains "God.exe")

RemcosRAT C2:
fredneilq.ddns.net (112.198.65.54)
evaclock1.hopto.org (112.198.65.54)

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eb27f7097ab6f702e66460fde19766b38f3a2668996fdbe5767458694f8cb279/
Threat name:
Win32.Trojan.Rescoms
Create hunting rule
Status:
Malicious
First seen:
2020-06-28 16:10:05 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5mt7ocl2w33qfztemd66df3gwohtujtitfx5xzlwormgst4mwj4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar eb27f7097ab6f702e66460fde19766b38f3a2668996fdbe5767458694f8cb279

(this sample)

RemcosRAT

Executable exe dce0fd32e1a722b27a3d60dc55016edbbfe763d3ec5aa10de6a6455e062b1432

  
Dropping
MD5 bb5209dec193ce323457cdbd5dd7efcf
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dce0fd32e1a722b27a3d60dc55016edbbfe763d3ec5aa10de6a6455e062b1432

Comments