MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a0ec0bb5c2a2623c3ce7edf505dc65396b1d9e9bafd0addd3100bd728c23af2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 3

SHA256 hash: 3a0ec0bb5c2a2623c3ce7edf505dc65396b1d9e9bafd0addd3100bd728c23af2
SHA3-384 hash: 915edf7d01037294d332ba3cfb8480cd16d01960c076c1efc1f7a9c2143474e3706d2dae2c89e8d2703bb1c71d89ef1e
SHA1 hash: ed0634331fb4145b5dd07d70d7f2f1094124e671
MD5 hash: 7054705eebc8756c33907d59a25a4a6a
humanhash: eighteen-don-may-eleven
File name: Payment Receipt.rar
Signature: RemcosRAT
File size: 3'070 bytes
First seen: 2021-01-30 06:22:37 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 48:3IPnSNDof5rkPawOqbWj3dpltaqPwaJA8RC3Ii+LyaiRPlo+vFRNmwhJZpH7I50r:4SyJkiNaWxpvaqZ1RC4iQyaiRlhJP7IO
TLSH: 9F515E79B93CB5450DB97570C843EF5069E035F165E17950894C3452C3EA8973A4C37E
Reporter: abuse_ch
Tags: rar, RAT, RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: sachkasath.com
Sending IP: 103.147.184.53
From: Payment Invoice <rr72idxy@sachkasath.com>
Subject: Your Payment Was Successfully Sent
Attachment: Payment Receipt.rar (contains "Payment Receipt.exe")

RemcosRAT C2:
103.147.184.53:4042

Intelligence

File Origin
# of uploads: 1
# of downloads: 243
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-30 06:23:07 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RemcosRAT
Sample: rar 3a0ec0bb5c2a2623c3ce7edf505dc65396b1d9e9bafd0addd3100bd728c23af2 (this sample)
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment

Comments