MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d9c72a997d9344ce06ad7dd0b868393d8c5a70ce6458cdfa796c406fe766971. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d9c72a997d9344ce06ad7dd0b868393d8c5a70ce6458cdfa796c406fe766971
SHA3-384 hash: 9840fdd8c965a54c60b8e33c375567c9a5ac68ce24cf9ba9669e9d7b834022c97f7cc1f9cd9132c31acb0e2ca1773c82
SHA1 hash: 04f9ab4e938216d4be473f7885d6b9989e139fe0
MD5 hash: 429fcaa7ca5fb41ed0622e093941eee2
humanhash: four-butter-fish-india
File name:Attachment.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'638'400 bytes
First seen:2020-05-05 16:57:09 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:vA+G7rywwCO3431KMn83pePc1eqxcdEEJ:IdrSfq6ePrE
TLSH 5D758D22F6934833D02656398D3B96B59936BE212E3858873BF97D3C5F75341382728B
Reporter abuse_ch
Tags:Azure DHL iso nVpn RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: newsunday.southcentralus.cloudapp.azure.com
Sending IP: 23.102.165.6
From: Dhl Customer Support <Support@dhl.com>
Subject: Order Delivery Failed
Attachment: Attachment.iso (contains "Document Attached.exe")

RemcosRAT C2:
79.134.225.107:2404

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 03:36:51 UTC
File Type:
Binary (Archive)
Extracted files:
70
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hwohfkmx3e2ezydk27oqxbudspmmljym4zcyzx5hs3can7twnfyq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 3d9c72a997d9344ce06ad7dd0b868393d8c5a70ce6458cdfa796c406fe766971

(this sample)

RemcosRAT

Executable exe 581b7a232d3d1bc1452e0a1abe985e16cc6eb018ec12f67e28db4d63872cbb13

  
Dropping
MD5 bd261aaba73df28e7033a5fd25ada205
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 581b7a232d3d1bc1452e0a1abe985e16cc6eb018ec12f67e28db4d63872cbb13

Comments