MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe2c29e5fe1ff0b53611c96fd0a5c927d5134ab0ecd863bad7bae2930350ca2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe2c29e5fe1ff0b53611c96fd0a5c927d5134ab0ecd863bad7bae2930350ca2b
SHA3-384 hash: 8483d4279d1bb1dc155df3e36bfbac415a5477ccf92a5c2fc1d7464f4d7808999e5c6eab41181e323bb2b448c821e0df
SHA1 hash: 41e887b6dc54e442d5f0df1781b3062fc5efdc53
MD5 hash: dbce7bf079c9f9f30d386f1905b0fb3e
humanhash: robert-bravo-speaker-pennsylvania
File name:ADJUNTO_EXTRACTO_1718983652577559998296647625_03867146902629304914898877443_82532103783739223474532_
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:243'466 bytes
First seen:2020-08-06 05:42:57 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:3toBUtbR5643bDssFyvPnbmMY385vVOrMe3/BE/oh:3kaLHkPbmMY3Qe3/Boi
TLSH 9C3422BAF34DA0CF0681067E62D8DCF49D7CAED64D1997965A6C3E5C1E2090B9E04CB2
Reporter abuse_ch
Tags:Outlook RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM11-BN8-obe.outbound.protection.outlook.com
Sending IP: 40.92.20.105
From: info. Extracto <tesoreria015procolombia@outlook.es>
Subject: EXTRACTO SERFINANZA.
Attachment: ADJUNTO_EXTRACTO_1718983652577559998296647625_03867146902629304914898877443_82532103783739223474532_ (contains "ADJUNTO_EXTRACTO_1718983652577559998296647625_03867146902629304914898877443_82532103783739223474532_6326080594026152_pdf.exe")

RemcosRAT C2:
recuperaciondecartera.website:6790

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe2c29e5fe1ff0b53611c96fd0a5c927d5134ab0ecd863bad7bae2930350ca2b/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ywctzp6d7ylknqrzfx5bjoje7krgsvq5tmghowxxlrjga2qzivq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fe2c29e5fe1ff0b53611c96fd0a5c927d5134ab0ecd863bad7bae2930350ca2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar fe2c29e5fe1ff0b53611c96fd0a5c927d5134ab0ecd863bad7bae2930350ca2b

(this sample)

RemcosRAT

Executable exe 1c5ca08ab6e50efcb71f7d20259bfae595af46513786bf9d130bf0e484a6d77f

  
Dropping
MD5 a4a14e221f9e663a8928b8bbe6ef6a6b
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1c5ca08ab6e50efcb71f7d20259bfae595af46513786bf9d130bf0e484a6d77f

Comments