MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2033c189a8bbb5af887e1b92a5188feddf8e32b74bfdd0e3d9c5429f4555df8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 4

SHA256 hash: 2033c189a8bbb5af887e1b92a5188feddf8e32b74bfdd0e3d9c5429f4555df8e
SHA3-384 hash: 59fee8060e167dc3ac1c87f1b94f21b726868ec95eca5ed63b7d1ebec33fbfd1642ffbf72b33ac5bb0bd459a03e01a6c
SHA1 hash: 53815830c9dad65bf8cf33b8d4f0934afddee0c5
MD5 hash: c59d883c302a7e1c16b44f486819f4ef
humanhash: gee-nuts-fruit-magnesium
File name: New Order.rar
Signature: RemcosRAT
File size: 482'388 bytes
First seen: 2021-02-11 07:12:08 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:Ii8G8kal7LQHKbB0ycZ1Rt7Y/AJQT/VHF7:L83l7EyWrvn7V4P7
TLSH: 4BA423DE12DDB24B9DEC46AB0885D56E8FAE9070E1D0A79530175F0A60C1E1FAF27D43
Reporter: abuse_ch
Tags: rar, RAT, RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: slot0.kolsitegroups.com
Sending IP: 203.159.80.22
From: Numair M. Choudhry <office@kolsitegroups.com>
Reply-To: Numair M. Choudhry <lcatena@studdds.com>
Subject: Re: New Order
Attachment: New Order.rar (contains "New Order.exe")

RemcosRAT C2:
greenfieldsde.duckdns.org

Intelligence

File Origin
# of uploads: 1
# of downloads: 108
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Woreflint
Status: Malicious
First seen: 2021-02-11 13:32:34 UTC
AV detection: 18 of 28 (64.29%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RemcosRAT
rar 2033c189a8bbb5af887e1b92a5188feddf8e32b74bfdd0e3d9c5429f4555df8e (this sample)
    Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
