MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2795711e3e2067045884aaf4a8c12a7d8f35b1f454a480bcef423b0d289ea3dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: 2795711e3e2067045884aaf4a8c12a7d8f35b1f454a480bcef423b0d289ea3dd
SHA3-384 hash: 4864eae5d7b0cb86c7b3c1a3674d43a0ecffabb5cc244ab6bb5b4f315ad56f35d3b07fc1111f5b54556f43ca70512391
SHA1 hash: 1c1b0350adc96ed5ca9dc413be522b4cedafc1d3
MD5 hash: 32deab5371ad3f4f28de4348cffae24b
humanhash: nuts-romeo-diet-georgia
File name: Extracto_Adjunto_9385054641140025242788136316_2668596035833973129463161_5970332112619846899783104787
Signature: RemcosRAT
File size: 264'214 bytes
First seen: 2020-08-05 08:52:19 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:b5UMYWi/oq0b7S6e5kC02aPao2AKSB+o2kp:MvRKSV02eao2AKTSp
TLSH: 2044235DA6EF6C825454ACECC2250844518C52CDE811D6CC6FB6AC64B83BAD0C9CEEFF
Reporter: abuse_ch
Tags: Outlook RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM04-BN3-obe.outbound.protection.outlook.com
Sending IP: 40.92.9.22
From: info. Extracto <tesoreria49procolombia@outlook.es>
Subject: EXTRACTO SERFINANZA.
Attachment: Extracto_Adjunto_9385054641140025242788136316_2668596035833973129463161_5970332112619846899783104787 (contains "Extracto_Adjunto_9385054641140025242788136316_2668596035833973129463161_5970332112619846899783104787_0507678132265074132_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-05 08:54:07 UTC
AV detection: 7 of 47 (14.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 2795711e3e2067045884aaf4a8c12a7d8f35b1f454a480bcef423b0d289ea3dd (this sample)

Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
