MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3174dccd2c4a421839927d7f5a450ee1e1b1cff02128d06bfa5759e40bc81eff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 4

SHA256 hash: 3174dccd2c4a421839927d7f5a450ee1e1b1cff02128d06bfa5759e40bc81eff
SHA3-384 hash: 545b3df53e486fc35b4964a72e57eea71877cfe8b67ce8f595691b27929f9d330394e418cd2d887ac38795eecd3fa1b6
SHA1 hash: 117c66294cf5d4d7e7b816c847b4dd28026968aa
MD5 hash: 36612f22581f7757ce96fdff83a15823
humanhash: item-happy-texas-delta
File name: Purchase_Order_8495_from_United_Poly_Systems_LLCpdf.arj
Signature: RemcosRAT
File size: 392'216 bytes
First seen: 2020-11-05 09:46:35 UTC
Last seen: 2020-11-09 07:03:32 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:cBwc0hScdpcuB5PrVpb/GlJULknCECeo9P5MPjL08uf+ZRaV6TjM77usi/Nfo:iQp7BZ7/6uAb5q5IL0df+ZIejS7SC
TLSH: 5B84234D2CE2F2D18612276B9254B9A03D5FD95EC3B037B6284BF041957BAB07F84BC9
Reporter: abuse_ch
Tags: arj RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: domkimen.com
Sending IP: 165.227.135.1
From: United Poly Systems <info@domkimen.com>
Subject: Order # WCO102120A/ CPO # 7815-557516/ PO 8495
Attachment: Purchase_Order_8495_from_United_Poly_Systems_LLCpdf.arj (contains "Purchase_Order_8495_from_United_Poly_Systems_LLCpdf.exe")

Intelligence

File Origin
# of uploads: 17
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-05 05:13:42 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
RemcosRAT
zip 3174dccd2c4a421839927d7f5a450ee1e1b1cff02128d06bfa5759e40bc81eff (this sample)
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
