MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4c346a46483eb98d1e57d0e1c3c7ba7bda5c549dd30b37eb7120aeaa0bbbb15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4c346a46483eb98d1e57d0e1c3c7ba7bda5c549dd30b37eb7120aeaa0bbbb15
SHA3-384 hash: e73f2af077c835469c9f2486bf47ab95df820c6b985439172f94accb5b3bab917e3532b1fe6561b9f82259530cd2112c
SHA1 hash: 4ec1b6cbc94131eeb664a09c022fe43fe21d2afe
MD5 hash: 0eaa3b9f955d6430be46904220411551
humanhash: failed-robin-purple-virginia
File name:AWB 2205280630.IMG
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'245'184 bytes
First seen:2020-08-03 13:55:16 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 768:c+xSFZq4m+9dk18JWxnElW6LE72vfvdr9JolRk92P/hWE7sWnCgS:c+xKZuQ4bQFQlueWxWnCg
TLSH 5945E61691E44639F167DF715A7847E7413D7C38382E858B7EEC396E37B2E088620A27
Reporter abuse_ch
Tags:img RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: dbschenker.com
Sending IP: 37.49.230.177
From: monir.hossain@dbschenker.com
Subject: Revised_ AWB#2205280630
Attachment: AWB 2205280630.IMG (contains "AWB # 2205280630.jpg.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4c346a46483eb98d1e57d0e1c3c7ba7bda5c549dd30b37eb7120aeaa0bbbb15/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 13:57:06 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6tbunjdeqpvzrupfpuhbypd3u662lrkj3uylg7vxcifovif3xmkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f4c346a46483eb98d1e57d0e1c3c7ba7bda5c549dd30b37eb7120aeaa0bbbb15

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img f4c346a46483eb98d1e57d0e1c3c7ba7bda5c549dd30b37eb7120aeaa0bbbb15

(this sample)

RemcosRAT

Executable exe 07bea1f0f5a11fdada688ba215ee670c1a77d2f05b0e1125edaee37e66a0819c

  
Dropping
MD5 9eaa93c2850b10359c965b9ddc209bc9
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 07bea1f0f5a11fdada688ba215ee670c1a77d2f05b0e1125edaee37e66a0819c

Comments