MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cf96fb8b809ba4702cc45b012f0a26431304ff9900977b20e42d2cc8cf3dac2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0cf96fb8b809ba4702cc45b012f0a26431304ff9900977b20e42d2cc8cf3dac2
SHA3-384 hash: a19f2ca4966fa6959321d4f8bc98db3c5ba5315f19acc46ded1b662662318a7dbcef5e9a80310c462430713fada77b51
SHA1 hash: 4fb0ce1c318db3c1e2cfe23acb1e32d7710a4786
MD5 hash: c06f7f0d39d508728cbba737bb6c185c
humanhash: jupiter-carbon-venus-double
File name:SERFINANZA_EXTRACTO_95192423350910894693342209_93269840066410939239405_3589722817207249426968099_558
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:569'342 bytes
First seen:2020-11-20 07:41:33 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:GEbhWrG/8a1jFR1zU+D3mtL4ZrGlpJC0C5kd8dUKr4Qe3:ZbhWC/pPvDWtM1GfM03WUB1
TLSH D4C42332A41B8DF5DDB3950B2E85D5E43990682BA3F1F7FC7D154F4782A325523AC02A
Reporter abuse_ch
Tags:ESP geo RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM12-DM6-obe.outbound.protection.outlook.com
Sending IP: 40.92.22.23
From: info. Extracto <tesoreria022procolombia@outlook.es>
Subject: EXTRACTO SERFINANZA.
Attachment: SERFINANZA_EXTRACTO_95192423350910894693342209_93269840066410939239405_3589722817207249426968099_558 (contains "SERFINANZA_EXTRACTO_95192423350910894693342209_93269840066410939239405_3589722817207249426968099_5581546246170907324764_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0cf96fb8b809ba4702cc45b012f0a26431304ff9900977b20e42d2cc8cf3dac2/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bt4w7ofybg5eoawmiwybf4fcmqytat7zsaexpmqoiljmzdht3lba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 0cf96fb8b809ba4702cc45b012f0a26431304ff9900977b20e42d2cc8cf3dac2

(this sample)

RemcosRAT

Executable exe d7e339a5a02ec396fb568be9485047caccf6cc9ac85a8a6448410ed26a75f7e7

  
Dropping
MD5 9c19270cbcba316bbd0d9ef19e5f5c6e
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d7e339a5a02ec396fb568be9485047caccf6cc9ac85a8a6448410ed26a75f7e7

Comments