MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18c7f10639db2797a180864077e41544842fa5afc6209e81940e5cd4abacd280. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 5



SHA256 hash: 18c7f10639db2797a180864077e41544842fa5afc6209e81940e5cd4abacd280
SHA3-384 hash: 335ca38b4b126ef9338ed4412bddbf13276ee9f5dde467add2fdb2e5faf797e4bbfc18799a48ef99ecbb698d20766eed
SHA1 hash: 748bd7d288ed8dbfad61a73211d255902d022185
MD5 hash: 83f06a9b8e0e490eeeddc04bb72c75f7
humanhash: lion-charlie-hamper-five
File name: Paid Invoice _confirmation_.img
Signature: RemcosRAT
File size: 1'769'472 bytes
First seen: 2021-02-28 10:39:24 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:tqHTpiGrg2UOvE73TWXv0K5vZC7rUb1xkxr3cPamMI6l5/bINjS25Ukcm/iJAC8C:tqHT0GwOvEjTqLhc7xtWT6lVIN+gZbO
TLSH: 1285596152424B32F4523B36C93A1264DBE56E3CBD105B06F6AC6BAB5B2F2402CD717F
Reporter: abuse_ch
Tags: img, RemcosRAT


abuse_ch
Malspam distributing unidentified malware:

HELO: rdns0.returnspark.website
Sending IP: 151.80.220.100
From: ute@marcelselectronics.com
Subject: RE: bank account to confirm
Attachment: Paid Invoice _confirmation_.img (contains "Paid Invoice _confirmation_9336639_03993736553.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 340
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2021-02-28 10:40:10 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img 18c7f10639db2797a180864077e41544842fa5afc6209e81940e5cd4abacd280 (this sample)

Delivery method: Distributed via e-mail attachment
