MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05af0a95c0f61e75d7f2bbd1d64a1a404890b7bf98238cf12ea098f7e2b37935. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05af0a95c0f61e75d7f2bbd1d64a1a404890b7bf98238cf12ea098f7e2b37935
SHA3-384 hash: 5b7709ba2ff25b50bbc0d301f6d10ba7a2ea36d16973d73f2317ecbbde855a0ee05f24c6a94369685c014e5acb0ae51f
SHA1 hash: a0ce62d935e192f4d14ddd903236c6550ed2fc86
MD5 hash: 414dc68697fa760596e770f9e167b8a7
humanhash: item-michigan-black-yankee
File name:Cobro Juridico_06485531558_5482751_872411945215484_089731_28992931479395636_108255_29509332731.tgz
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:169'460 bytes
First seen:2020-10-20 08:50:23 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:uGUgFxhib13G+JbSI0pFlArcDS/96uwUOVskB4xK9PPoddeIKEjB55of:uGLFM3/J29FiL/91KdonT5a
TLSH 19F3122887F4BB3A8723C718B6F272BE6E3192D563597DC89147300C1D780A1AACF572
Reporter abuse_ch
Tags:Outlook RAT RemcosRAT tgz


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: EUR05-AM6-obe.outbound.protection.outlook.com
Sending IP: 40.92.91.56
From: lenka buckova <lenkabuckova@hotmail.com>
Subject: ACUERDO DE PAGO
Attachment: Cobro Juridico_06485531558_5482751_872411945215484_089731_28992931479395636_108255_29509332731.tgz (contains "Cobro Juridico_06485531558_5482751_872411945215484_089731_28992931479395636_108255_29509332731_pdf.exe")

RemcosRAT C2:
databasepropersonombrecomercialideasearchwords.services:7580 (186.169.63.66)

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/05af0a95c0f61e75d7f2bbd1d64a1a404890b7bf98238cf12ea098f7e2b37935/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 02:31:36 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=awxqvfoa6yphlv7sxpi5msq2ibejbn57taryz4joucmppyvtpe2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/05af0a95c0f61e75d7f2bbd1d64a1a404890b7bf98238cf12ea098f7e2b37935

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 05af0a95c0f61e75d7f2bbd1d64a1a404890b7bf98238cf12ea098f7e2b37935

(this sample)

RemcosRAT

Executable exe 308245e3b036eaa8e2b12c92852a64e5feedd6d952789d12da2ea5da9b7acced

  
Dropping
MD5 f3b661b1733230cea69912446834bf5c
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 308245e3b036eaa8e2b12c92852a64e5feedd6d952789d12da2ea5da9b7acced

Comments