MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 122a58361a75a38bc40611f0ccad9c745ab7e2a9463c4f5e89a13dd63116f6dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 122a58361a75a38bc40611f0ccad9c745ab7e2a9463c4f5e89a13dd63116f6dd
SHA3-384 hash: 868b6bf3f47f18710f0425eec82bf8dc53995aebc0744ae249e6f8ab6441927fd19ed51f24d751a396f0f6bebd45b809
SHA1 hash: 5e596d29c858c80e361d63f6e7c532d97affad7d
MD5 hash: 5906b93aebdad5febb3fa5128391ff5a
humanhash: bakerloo-oxygen-sodium-south
File name:3REM-ULTITEC-865hkk-PROTECTIVE-PPErvGiVBzqbBf9Br.7z
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:366'112 bytes
First seen:2020-05-07 06:43:41 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:fijqBJyBg+G6d0sddtzPQ/f8lud/jt3jCAbVKQtdulL4Mm8ECGgx7+Yo:f2qKxqsxQ/0lQLVzK6d5M2CdR+x
TLSH 967423C1B997FC2366EC77CEE0939F3592112075AEE7115ACB79A68064588B70FEC84C
Reporter abuse_ch
Tags:7z COVID-19 RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: smtp1-01.brain.net.pk
Sending IP: 203.128.3.25
From: wonhar <wonhar@brain.net.pk>
Reply-To: <ayala22mark@gmail.com>
Subject: ULTITEC COVID 19 PROTECTIVE CLOTHING
Attachment: 3REM-ULTITEC-865hkk-PROTECTIVE-PPErvGiVBzqbBf9Br.7z (contains "3REM-ULTITEC-865hkk-PROTECTIVE-PPErvGiVBzqbBf9Br.exe")

RemcosRAT C2:
185.165.153.215:6608

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 07:36:34 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
10 of 31 (32.26%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=civfqnq2owryxragchymzlm4ornlpyvjiy6e6xujue65mmiw63oq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

7z 122a58361a75a38bc40611f0ccad9c745ab7e2a9463c4f5e89a13dd63116f6dd

(this sample)

RemcosRAT

Executable exe e9405efd2e392e4732172009d420567b63b2ed3eb1ad51d9a0539eefaf620030

  
Dropping
MD5 26791ff2139c7eef1328963dd38d4bc9
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e9405efd2e392e4732172009d420567b63b2ed3eb1ad51d9a0539eefaf620030

Comments