MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 118354482a52b6b5b7f212830ba552d5935444c38f10bce7be702dbdf9d12dbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 118354482a52b6b5b7f212830ba552d5935444c38f10bce7be702dbdf9d12dbd
SHA3-384 hash: ee085b24d8ce5638bf985f36a59bf7fe64e8e7118d9e360818dad5f1dc9bfdc41d6b8d67f1447d2d424cc488f3c202b3
SHA1 hash: 9e6955903f0ac86742850b5a1d696a878ef271d9
MD5 hash: 99eba06daad45b173290776beeeb238a
humanhash: william-yellow-mars-undress
File name:Confirmación de pedido nuevo PO # 1912679.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:651'264 bytes
First seen:2021-02-09 18:56:15 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:8AJqq6qT0lquq3qt5BaisGdLxwWmo2kVO2gdUqEEukKPkz7:oLBx2oFk2gVUe3
TLSH 84D46B6623486F1AE2BDB3B6D0650470A3F5EE16E325FB8F3EAD30CA0675F44D615602
Reporter abuse_ch
Tags:ESP geo iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: vps.asswart.com
Sending IP: 45.85.90.28
From: Jainson Naik <office@briglum.com>
Subject: Confirmación de pedido nuevo PO # 1912679
Attachment: Confirmación de pedido nuevo PO # 1912679.iso (contains "Confirmación de pedido nuevo PO # 1912679.exe")

RemcosRAT C2:
graceland2021.ddns.net:1313

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.537.17139.31850.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/118354482a52b6b5b7f212830ba552d5935444c38f10bce7be702dbdf9d12dbd/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-02-09 18:57:05 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cgbvisbkkk3lln7sckbqxjks2wjvirgdr4ilzz56oaw336orfw6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/118354482a52b6b5b7f212830ba552d5935444c38f10bce7be702dbdf9d12dbd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 118354482a52b6b5b7f212830ba552d5935444c38f10bce7be702dbdf9d12dbd

(this sample)

RemcosRAT

Executable exe 2cda28e9bb4a8823f5a82fde5ee2313cb7898fd17facc933984ccc926841822b

  
Dropping
MD5 d30e90a2424826dd6e9502352f53f2fd
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2cda28e9bb4a8823f5a82fde5ee2313cb7898fd17facc933984ccc926841822b

Comments