MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 006d8434c4eaff7d715c29012b0d9f00b43a52da5a2a438b284014122e664369. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	006d8434c4eaff7d715c29012b0d9f00b43a52da5a2a438b284014122e664369
SHA3-384 hash:	cf2ac380b5c2c480bc9be1d82f609dc5c4517d046d809e5c035255efc99eb5b031a7e5dc14057a6156514bb80f8c1ecb
SHA1 hash:	fa951488930a0e926aba6d75809fb29316cbdd98
MD5 hash:	7965cb81f0b9fc92e9e02e53bd32854e
humanhash:	kilo-romeo-sad-aspen
File name:	PO-3175704534,PDF.cab
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	886'784 bytes
First seen:	2021-04-07 06:00:23 UTC
Last seen:	Never
File type:	cab
MIME type:	application/x-iso9660-image
ssdeep	24576:YebsanDn4AomQlSesV+qQ8B8cHvNlEXHPzj:UaDnn7QcjHEXvz
TLSH	BE15D02233846F65E17EA7759060516093F2FD07E336DA8E7C9CB49D6B32AC1C262B53
Reporter	abuse_ch
Tags:	cab RemcosRAT

abuse_ch

Malspam distributing unidentified malware:

HELO: cloudhost-2762388.us-midwest-1.nxcli.net
Sending IP: 8.36.41.118
From: 양타라 Yang T. Seo <daeeun@de.co.kr>
Subject: New Order request Ref : E100-#3175704534
Attachment: PO-3175704534,PDF.cab (contains "PO-#3175704534,PDF.exe")