MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e1035cccc4755a109fd3f6cb6c8ca72092d2791520ddcdf0334122e6b9dea93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e1035cccc4755a109fd3f6cb6c8ca72092d2791520ddcdf0334122e6b9dea93
SHA3-384 hash: 91eb55db397cf5860429861ac3c53f6c0b0bde87e2dc8628ad3cfb2d4503019f4503ebed22a67f40ee51e60788c6a036
SHA1 hash: ed1e2057201e05c15cbfa38e879cdb56b51c736a
MD5 hash: 2540408d7a71fa7d8cc6f748fed2b3ae
humanhash: mexico-idaho-solar-mars
File name:PDF_EXTRACTO_8708351187074107661512186542_2964923929632622389140_67496250499050482698127340_43305989
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:599'203 bytes
First seen:2020-12-17 08:47:23 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:fvEjXBz+/Pma/fDrMVYSRJFiPvvpxH4XEHWytG5OV536T38aW:f8j4XNfDDSvFiPvvQXEHWHQX36T38aW
TLSH 2FD423519F380A634ABAC35F78D24D081B3A1A73FEA197E43D40D7007EE5E5487FA614
Reporter abuse_ch
Tags:Outlook RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM02-BL2-obe.outbound.protection.outlook.com
Sending IP: 40.92.3.45
From: info. Extracto <tesoreria54procolombia@outlook.es>
Subject: FACTURA EN MORA, REPORTE NEGATIVO EN DATACREDITO
Attachment: PDF_EXTRACTO_8708351187074107661512186542_2964923929632622389140_67496250499050482698127340_43305989 (contains "PDF_EXTRACTO_8708351187074107661512186542_2964923929632622389140_67496250499050482698127340_4330598984156867018520_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.15683.975.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1e1035cccc4755a109fd3f6cb6c8ca72092d2791520ddcdf0334122e6b9dea93/
Threat name:
ByteCode-MSIL.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-12-17 08:48:07 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dyidltgmi5k2ccp5h5wlnsgkoies2j4rkig5zxydgqjc42455kjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1e1035cccc4755a109fd3f6cb6c8ca72092d2791520ddcdf0334122e6b9dea93

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 1e1035cccc4755a109fd3f6cb6c8ca72092d2791520ddcdf0334122e6b9dea93

(this sample)

RemcosRAT

Executable exe 3024e654175b1dca693685f526e364d61337bcd60236c82d5095cec6477c7c0b

  
Dropping
MD5 922c6ab4876450c2573605360d6483e4
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3024e654175b1dca693685f526e364d61337bcd60236c82d5095cec6477c7c0b

Comments