MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f58064d74cb246aac103c07602924e3558e9e6e2275c52422b71cca50fcec99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1f58064d74cb246aac103c07602924e3558e9e6e2275c52422b71cca50fcec99
SHA3-384 hash: 3fbadc7edcf6bb674f8ff1fa5b8e33d57586e844e4e00766b81cf390765ad846a512aa59a96bea178a8ca321bf5adcef
SHA1 hash: 9776dbc28a3d2c799afe6f50dbf200d03d1b6607
MD5 hash: 916c244b8b1cca49dfe5f1a90c048575
humanhash: yellow-arkansas-nitrogen-nevada
File name:Musalli Factory - products lists.rar
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:206'634 bytes
First seen:2020-05-03 08:04:52 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:3uz6dfNbXawejTPste2OrsmgblVMiuNWV:3uwbXawejjeFOImg5uNa
TLSH 0C1412B1DC62FB3823CA57C3D91AFB3B54E816E45022CB86B8531A138546DD33DC48AE
Reporter abuse_ch
Tags:rar RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: cpb2.medionline.cl
Sending IP: 45.55.49.33
From: ALOZZA FAHIMA <info@musallifactory.com>
Subject: Musalli Factory & Trading Co. - Urgent Products Inquiry
Attachment: Musalli Factory - products lists.rar (contains "Musalli Factory - products lists.exe")

RemcosRAT C2:
212.83.46.23:3110

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-03 08:35:36 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d5mamtluzmsgvlaqhqdwakje4nky5htoej24kjbcw4omuuh45smq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 1f58064d74cb246aac103c07602924e3558e9e6e2275c52422b71cca50fcec99

(this sample)

RemcosRAT

Executable exe b2bccd13743ac9153a8b731af82d6b19fa7395dd16596a3b5f783f1092419c3a

  
Dropping
MD5 62d2c5f606e9f2e19dea14690bdf3929
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b2bccd13743ac9153a8b731af82d6b19fa7395dd16596a3b5f783f1092419c3a

Comments