MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25d85c7ff43d605292ceb8af50f2441f9c56ceace4bd9f53677a177fb4cedf53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25d85c7ff43d605292ceb8af50f2441f9c56ceace4bd9f53677a177fb4cedf53
SHA3-384 hash: a384631cc81de7bf241749366a7f739a6c441534eb8865362a1a444fec724b6621357bf80885ccf53b1b3293aaeec364
SHA1 hash: 0f400c39eefc07135c1bef97d18221c50146ea52
MD5 hash: b24a02ac1a55ce01d6a83d28c7b4ee54
humanhash: charlie-potato-eleven-march
File name:Bill of lading.pdf.gz
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:344'112 bytes
First seen:2020-05-14 04:30:22 UTC
Last seen:2020-05-14 04:31:45 UTC
File type: gz
MIME type:application/gzip
ssdeep 6144:H5KK7E8hjNb296xVGvKmz5u9jIBup+ABIZ9MVOFAJ3uGTZThJeAmZl6:HIB6jNqv55u98ktLVOFVGTloc
TLSH BB74235DBC882F3DE903212A881C79BD2979CB0C2395CE1BCD963F49E52FD9C5139962
Reporter cocaman
Tags:gz RemcosRAT


Avatar
cocaman
Malicious email
From: Song-Ma <lily0804@live.cn>
Received: from smtp.aquonmo-tech.ga (smtp.aquonmo-tech.ga [192.236.160.198])
Date: Thu, 14 May 2020 03:24:36 +0100
Subject: RE: Bank Transfer for INV 003736
Attachment: Swift payment.pdf.gz

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.W32.Trojan3.APDT.13401.16655.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27281.GZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 04:35:31 UTC
File Type:
Binary (Archive)
Extracted files:
266
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=exmfy77uhvqffewoxcxvb4sed6ofntvm4s6z6u3hpilx7ngo35jq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

gz 25d85c7ff43d605292ceb8af50f2441f9c56ceace4bd9f53677a177fb4cedf53

(this sample)

RemcosRAT

Executable exe 39b6534e71eea7f25cd242cbeec0e465b211f8cd453172f284feac37ae8c973d

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 39b6534e71eea7f25cd242cbeec0e465b211f8cd453172f284feac37ae8c973d
  
Dropping
RemcosRAT

Comments