MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26929c207c3f9f022704cad47d0f1ead87ddfc49ed2cc8fe12b86227b6067e1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26929c207c3f9f022704cad47d0f1ead87ddfc49ed2cc8fe12b86227b6067e1c
SHA3-384 hash: d545731b01fa5d8b80b0e0bdf8c4974b3b8cc3a40493665aed1ac852d9ce6fdcfafdfab9974ba8e92b9ceda0f74aacdc
SHA1 hash: cda77e1e69abf0beea750841b136cda90d5d4908
MD5 hash: 12cf4745af3061dc43c79c2a2941a2bb
humanhash: summer-yankee-blue-eleven
File name:Signed PO202002FiveBro2A2.xz
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'349'503 bytes
First seen:2021-02-11 07:28:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:keESDGmxPzByiB5WQmGuNySpagi9cbjWBX7aBSN0R6yL64J6LAs7XrCntPtzeJRE:keLDGKyiBl5XyHkojwa7RvLf4L9XrCnj
TLSH 1E5533DD86EF13958A78C23671C232E5A21BDED484CA2C2A71518FBD8890B77F7D2143
Reporter abuse_ch
Tags:RAT RemcosRAT xz


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: ds1196.tmddedicated.eu
Sending IP: 198.20.127.220
From: Kiran Sonawane <mumbai@fivebro.com>
Subject: New PO (Signed)
Attachment: Signed PO202002FiveBro2A2.xz (contains "Signed PO202002FiveBro2A2.exe")

RemcosRAT C2:
severdops.ddns.net:7721

Intelligence

File Origin
# of uploads :
1
# of downloads :
201
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.generic.ml.5780.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/26929c207c3f9f022704cad47d0f1ead87ddfc49ed2cc8fe12b86227b6067e1c/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2021-02-12 04:16:41 UTC
AV detection:
20 of 47 (42.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=e2jjyid4h6pqejyezlkh2dy6vwd537cj5uwmr7qsxbrcpnqgpyoa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/26929c207c3f9f022704cad47d0f1ead87ddfc49ed2cc8fe12b86227b6067e1c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 26929c207c3f9f022704cad47d0f1ead87ddfc49ed2cc8fe12b86227b6067e1c

(this sample)

RemcosRAT

Executable exe b1e15b9a8dad8e09e6a44215449f0b4f9fb269f6e00a3106a520780e43c2efd8

  
Dropping
MD5 4436e740b10c60190d50d4a9260c1cc7
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b1e15b9a8dad8e09e6a44215449f0b4f9fb269f6e00a3106a520780e43c2efd8

Comments