MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f202562d4d4f3a85dc598cb890bf536b8755991a96ca493875d9c6a052ceebf5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f202562d4d4f3a85dc598cb890bf536b8755991a96ca493875d9c6a052ceebf5
SHA3-384 hash: 9b81a07586d6a93bdadafe0688a559bcb71e8570422300f084edbd1150f6fd102572aa5311e199b1d00f2bed2b5d81b9
SHA1 hash: be4c179e8fc36f279b60509f6aece5ac3e127859
MD5 hash: 5ac67ed9ab26cc903dd787510f034bed
humanhash: early-oranges-london-fix
File name:Factura_02114984084_55759752_187512177366350701_54150607_1078486337666513_45844851467_549481167.tgz
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:324'752 bytes
First seen:2020-08-13 10:01:24 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:dK/cC0K4dsl+iDw4I9KLvNLiSSP9dA7aY6F/bh9KFA7hWnx:dzK46lDc4I9wV9d4zICex
TLSH 536422ABA517031786A9C596ACCC01E603DF9F3F2A80C35BE07C1AD8911177ED5D2E6D
Reporter abuse_ch
Tags:Outlook RAT RemcosRAT tgz


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: EUR06-AM7-obe.outbound.protection.outlook.com
Sending IP: 40.92.16.58
From: lenka buckova <lenkabuckova@hotmail.com>
Subject: SERFINANZA FACTURA DE COBRO.
Attachment: Factura_02114984084_55759752_187512177366350701_54150607_1078486337666513_45844851467_549481167.tgz (contains "Factura_02114984084_55759752_187512177366350701_54150607_1078486337666513_45844851467_549481167_pdf.exe")

RemcosRAT C2:
recuperaciondecartera.website:6790

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f202562d4d4f3a85dc598cb890bf536b8755991a96ca493875d9c6a052ceebf5/
Threat name:
Win32.Backdoor.Rescoms
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 10:03:04 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ibfmlknj45ilxczrs4jbp2tnodvlgi2s3fesodv3hdkauwo5p2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f202562d4d4f3a85dc598cb890bf536b8755991a96ca493875d9c6a052ceebf5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar f202562d4d4f3a85dc598cb890bf536b8755991a96ca493875d9c6a052ceebf5

(this sample)

RemcosRAT

Executable exe 82f0cf3abdd3fe182495f1c1fb239b778228d3f17115c4e49cb6622e3c993952

  
Dropping
MD5 83cf74c53acc17de02a4ab1669e518cd
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 82f0cf3abdd3fe182495f1c1fb239b778228d3f17115c4e49cb6622e3c993952

Comments