MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d49444035e343cd69c404f6382c1b5b88df077559444b324ea40bdaf8efb280. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d49444035e343cd69c404f6382c1b5b88df077559444b324ea40bdaf8efb280
SHA3-384 hash: 65598d8aafcc628c87a501626a6b1c1d247dc9ca46d416ca7351ef2a74b6f31d4baa2bf15240f66363787048dbc1eccc
SHA1 hash: 16bcc7b67f26a7a29f06f3a9adeef1576cf78023
MD5 hash: f379fd4d026d156e4d73af7f99984e0a
humanhash: arizona-asparagus-failed-california
File name:14082020 PDF.UU
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:298'632 bytes
First seen:2020-08-14 18:19:41 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:RD2XrK3mZ1a5hpKZIQfE702N+FJps9F27tE63d/GBNJMm1I0Z:RD2X+mbeKZIyodwWF27nlRs
TLSH DE54234D3DFFF943B6C0277C2FF01F122D098C28ACF76E976849A1E9194112E2569975
Reporter abuse_ch
Tags:Outlook RemcosRAT uu


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: NAM11-CO1-obe.outbound.protection.outlook.com
Sending IP: 40.92.18.50
From: ELECTROKIT . <electrokit123@hotmail.com>
Subject: DOCUMENTO PDF
Attachment: 14082020 PDF.UU (contains "14082020 PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d49444035e343cd69c404f6382c1b5b88df077559444b324ea40bdaf8efb280/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dveuiqbv4nb422oeat3dqla3loen6b3vlfcewmsouqf5v6hpwkaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1d49444035e343cd69c404f6382c1b5b88df077559444b324ea40bdaf8efb280

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 1d49444035e343cd69c404f6382c1b5b88df077559444b324ea40bdaf8efb280

(this sample)

RemcosRAT

Executable exe dc7336231300fc46c3be07afe1cb721f1b1a98f0a4a13029d9bfcabea5619259

  
Dropping
MD5 d89ed76e839eecf303b3fa3a936e32e1
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dc7336231300fc46c3be07afe1cb721f1b1a98f0a4a13029d9bfcabea5619259

Comments