MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3248895491e2670f8dca9278c2631b295094e3c02a44de74faa94ed8ab96d201. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 4



SHA256 hash: 3248895491e2670f8dca9278c2631b295094e3c02a44de74faa94ed8ab96d201
SHA3-384 hash: a9446130575abd74f71f6f4acbeef8fd73ddc0ac9233b8e342077a5d18e18187e30887c0d3ffe6facf2d5db595388056
SHA1 hash: e1c615a7381151c5d1409c83475e9152a79c6e28
MD5 hash: 40788bcdfeee919c3afa07cd3a65d4a7
humanhash: romeo-emma-cat-comet
File name: POCM 202100322.zip
Signature: RemcosRAT
File size: 955'020 bytes
First seen: 2021-02-16 15:49:16 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:IfAhnErdrPAjnH3zQ5b3vUSpSlSzClYsE3a6wzq:IfAhnErmnH3zab/UAS0z7sE3gq
TLSH: 1615334CF52DB01EAC41185BF0030513A09462C4EB9F984ABBB3385A5F97AB6DDB4B77
Reporter: abuse_ch
Tags: RAT RemcosRAT zip


abuse_ch
Malspam distributing RemcosRAT:

HELO: vps.helitactica.xyz
Sending IP: 203.159.80.22
From: office@kolsitegroups.com
Subject: Purchase New Order 3401
Attachment: POCM 202100322.zip (contains "POCM 202100322.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 248
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Packed.Generic
Status: Suspicious
First seen: 2021-02-16 15:50:07 UTC
AV detection: 5 of 47 (10.64%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 3248895491e2670f8dca9278c2631b295094e3c02a44de74faa94ed8ab96d201

(this sample)

  
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
