MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0660f3fe8f678619a303a59953a93feaf0250f9adc2c901e51f13ddde0c16811. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	0660f3fe8f678619a303a59953a93feaf0250f9adc2c901e51f13ddde0c16811
SHA3-384 hash:	f2482dc0c3ce3b58f9e3c26d211d4a869daf3715d897af6314e92305e89f1da3d0cec1be814694e806885db1dcfb4c05
SHA1 hash:	92b3a9ae041f121badae212d65233fd25f4a2e77
MD5 hash:	daf7bff018ced74ccc2029cf3b307b76
humanhash:	burger-princess-emma-blue
File name:	_0900000000000000000900.zip
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	72'773 bytes
First seen:	2021-04-23 10:31:21 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	1536:KjDmoMAjr8rowWxjfwpRGbI3E3w0EXj5LJxZKGCl4p6Fnr:KjDcAdXZmRGbIUb4FLJx8GCyp6Vr
TLSH	7463025012944794E560BBF11E1C3EEF4902EF5271E4EBBBDED83249D196A0E4698FF0
Reporter	GovCERT_CH

Intelligence

File Origin

# of uploads :

1

# of downloads :

112

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.46157305.30248.30484.UNOFFICIAL

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/0660f3fe8f678619a303a59953a93feaf0250f9adc2c901e51f13ddde0c16811

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0660f3fe8f678619a303a59953a93feaf0250f9adc2c901e51f13ddde0c16811/

Threat name:

Win32.Trojan.Spynoon

Status:

Malicious

First seen:

2021-04-22 11:40:38 UTC

AV detection:

19 of 28 (67.86%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=azqph7upm6dbtiyduwmvhkj75lyckd423qwjahsr6e653ygbnaiq._file

Result

Malware family:

remcos

Score:

10/10

Tags:

family:remcos rat

Link:

https://tria.ge/reports/210423-xche83xytx/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Loads dropped DLL

Remcos

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Remcos

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/0660f3fe8f678619a303a59953a93feaf0250f9adc2c901e51f13ddde0c16811

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 0660f3fe8f678619a303a59953a93feaf0250f9adc2c901e51f13ddde0c16811

(this sample)

exe 033f4d8bd914597ee146ea8761a3f79fceb4f49af99f411e9ee94775ed298179

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 033f4d8bd914597ee146ea8761a3f79fceb4f49af99f411e9ee94775ed298179

Dropping

MD5 030daaca1bd4fc284e4b4ab63d1b6419

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample