MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0131c9963acd980973cef840259e1a38bc62556ae74e63dc166b1f13fed9830. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 3

SHA256 hash: f0131c9963acd980973cef840259e1a38bc62556ae74e63dc166b1f13fed9830
SHA3-384 hash: de49aed8561b51af1a24f7efc4bc5fc7f676ed7565e05b55548952dd1b73fc74d3ec179d0abce5c7f271030b98e869f8
SHA1 hash: c73fe14b77de24a97430ddf33b077f7ef28cc1bf
MD5 hash: 7acbea73c837aeb5cc68262c1a90202e
humanhash: virginia-tango-enemy-nitrogen
File name: NEW_PO-Byron_Distributors.rar
Signature: RemcosRAT
File size: 194'290 bytes
First seen: 2020-05-13 06:26:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:GwoOFDS72fHzOc5XGrglRll2ID7JR9z/kb52lpBi/cz8i9DbQLsa9mPf2ble:+Cfqc5XG0lRlEI3mtYBi0z8ipbOm2bc
TLSH: C21412274F4A16C1F8F0AD5371A9231D93C9BDFCDC99B880B7E6B0B04D9B1786A64189
Reporter: abuse_ch
Tags: rar RAT RemcosRAT Yahoo


abuse_ch
Malspam distributing RemcosRAT:

HELO: sonic313-54.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.240.113
From: Paul Byron <marketing@pristinetech.in>
Reply-To: marketing@pristinetech.in
Subject: PO-001 ( Byron Distributors Ltd )
Attachment: NEW_PO-Byron_Distributors.rar (contains "NEW_PO-Byron_Distributors.exe")

RemcosRAT C2:
www.valjan.in:7331 (185.19.85.183)

Intelligence

File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-13 06:37:21 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  RemcosRAT
  rar f0131c9963acd980973cef840259e1a38bc62556ae74e63dc166b1f13fed9830 (this sample)

Dropping: RemcosRAT

Delivery method: Distributed via e-mail attachment

Comments