MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 025b2aa47a06822130415107a15a86827c0e578f495a5ce38219dc276bab1286. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 025b2aa47a06822130415107a15a86827c0e578f495a5ce38219dc276bab1286
SHA3-384 hash: 125d402b68654228d2196313e3fd93f6aa5ba131f232391fe198b27cee1852ad6bfd87068b039721354537369d7e1e32
SHA1 hash: 9ce2e9c0b19113951f464bcfbf2b0364942f7538
MD5 hash: cc447ee533c13cd4f66cd7185ff0332e
humanhash: arizona-table-apart-don
File name:Proof of Payment.7z
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:314'260 bytes
First seen:2020-08-06 06:42:28 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:9Q33mXtTvY6TDDqdttJRjLfXWAQYweHjv7PDxryFoZSrf7xW0EzZYFbKTY+3:2338TA2W5JRj7WeXH/lyFoE7EnzZOKTd
TLSH D46423C8183DA25497851DD2CBC9692847FEFC2BCA85C9F781227E87C775CD60BA980D
Reporter abuse_ch
Tags:7z RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: [139.64.246.192]
Sending IP: 139.64.246.192
From: HBZ Bank Operations and Support Services <chris@powerengineering.co.za>
Subject: Proof of Payment
Attachment: Proof of Payment.7z (contains "Proof of Payment.exe")

RemcosRAT C2:
139.64.246.192:444

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/025b2aa47a06822130415107a15a86827c0e578f495a5ce38219dc276bab1286/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-06 06:44:12 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ajnsvjd2a2bccmcbked2cwugqj6a4v4pjfnfzy4cdhoco25lckda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/025b2aa47a06822130415107a15a86827c0e578f495a5ce38219dc276bab1286

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 025b2aa47a06822130415107a15a86827c0e578f495a5ce38219dc276bab1286

(this sample)

RemcosRAT

Executable exe 804dcb4fefd588584f1e6dab425f4167aba62ca60e2d3989ff673c92a3ffb8b1

  
Dropping
MD5 b4567e2dc53ee3721aec5cf7c67b9885
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 804dcb4fefd588584f1e6dab425f4167aba62ca60e2d3989ff673c92a3ffb8b1

Comments