MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 400c3baf67e51f420c62d86957a35595a65ed0c719c51bb16528720fe4a1641e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	400c3baf67e51f420c62d86957a35595a65ed0c719c51bb16528720fe4a1641e
SHA3-384 hash:	bbfa976d9240310632d810d728446de688b7176507783eae85bf8d29b37db546e149dbc6502b9ec43bf40b5c5b50498f
SHA1 hash:	fcf9d7d49014943369b99cbbdd09571d0e04f68b
MD5 hash:	e4359bccd092056f9a593a2dc1a471ce
humanhash:	april-venus-network-avocado
File name:	REQUEST FOR QUOTATION.xz
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	340'398 bytes
First seen:	2021-02-16 18:51:38 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:6QRAVg0goHYsHujgrt5vw2+o0FYmlSoMEwyEzmCDW2U2Mrfdo+LdCOaAHxg0yPH9:6garHdZO2otSoPwfzZO7+WdPH+P02
TLSH	FC7423293396396E5F30ED5CD566C6F510BA8723D246C3CD34B359A8EA0BCB6410A86F
Reporter	abuse_ch
Tags:	RAT RemcosRAT xz

abuse_ch

Malspam distributing RemcosRAT:

HELO: mail0.apicalways.xyz
Sending IP: 139.59.255.39
From: Accountant < sales@apicalways.com>
Subject: REQUEST FOR QUOTATION TO SUPPLY ATTACHED PRODUCTS
Attachment: REQUEST FOR QUOTATION.xz (contains "REQUEST FOR QUOTATION.exe")

RemcosRAT C2:
blacice24.ddns.net:5454