MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 372b96478f2274b04ad5d47fbe4db81cce57115c8b84748226b36ab9b697a1d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 372b96478f2274b04ad5d47fbe4db81cce57115c8b84748226b36ab9b697a1d9
SHA3-384 hash: cbe1110e3be28e09445ae5c79411141985f9d57587874d26af7e5f4b6f3e7956881d2e35d4c2a50ad531535171db1f4c
SHA1 hash: 85abbbc5b194f463a9f1124d683ddd3a319585e3
MD5 hash: 738008121818ad64d0f8fa31b537cab9
humanhash: one-india-crazy-carbon
File name:ADJUNTO_SERFINANZA_1749215776698168558271_4803580771640956644_454732582763146614603879886660_0156881
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:201'061 bytes
First seen:2020-12-28 07:55:19 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:5SAgVS4RQR+v0bDhOlbqRLFUe6YRL6g7J:5SAgjRQJElbqRLFj6c57J
TLSH C81423C79D1BA2FFDBA03C4DA566ADC283D99DF7E3404CACE5246EE5C8D4081C5E0A58
Reporter abuse_ch
Tags:ESP geo Outlook RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM04-SN1-obe.outbound.protection.outlook.com
Sending IP: 40.92.11.83
From: info. Extracto <tesoreria19procolombia@outlook.es>
Subject: FACTURA EN MORA, REPORTE NEGATIVO EN DATACREDITO
Attachment: ADJUNTO_SERFINANZA_1749215776698168558271_4803580771640956644_454732582763146614603879886660_0156881 (contains "ADJUNTO_SERFINANZA_1749215776698168558271_4803580771640956644_454732582763146614603879886660_0156881393079417053956926_pdf.exe")

RemcosRAT C2:
databasepropersonombrecomercialideasearchwords.services

Intelligence

File Origin
# of uploads :
1
# of downloads :
491
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/372b96478f2274b04ad5d47fbe4db81cce57115c8b84748226b36ab9b697a1d9/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-28 07:56:06 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g4vzmr4pej2laswv2r734tnydthfoek4rochjargwnvltnuxuhmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/372b96478f2274b04ad5d47fbe4db81cce57115c8b84748226b36ab9b697a1d9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 372b96478f2274b04ad5d47fbe4db81cce57115c8b84748226b36ab9b697a1d9

(this sample)

RemcosRAT

Executable exe ece0f92110b68a8d7cd1d4a3099011d26d57670923e9e20328def2553ab69cbc

  
Dropping
MD5 a109c83108f15a49b4941c966e2630ee
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ece0f92110b68a8d7cd1d4a3099011d26d57670923e9e20328def2553ab69cbc

Comments