MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 432e5e46e0dc2e8db583c47e920155beee1160a294d3c1c2397ff0be8bd1a2e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 432e5e46e0dc2e8db583c47e920155beee1160a294d3c1c2397ff0be8bd1a2e4
SHA3-384 hash: 4681d66feb533bf6166396cb6d5138743e7880291e37ed20c4bc05214ef91e98d08672266dbb365859405244623d1e30
SHA1 hash: 91e119cd5a2b348a59b6b2e3ae9b285344a414ea
MD5 hash: b7b0f75c4767a4dc2a85bb2871eefbbb
humanhash: vegan-white-lima-berlin
File name:New_shipment_order42542526_February.xz
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:435'477 bytes
First seen:2021-02-26 06:13:25 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 12288:L4TJqfhqs2xHTFAXlt5qkjPms+YJpZmL7YvRr5:2g4L5Ktpjfv3Zr5
TLSH 879423C349382A41FE762BD264358529A603F3DB7AFE4209BC6D84D2BF03161A5BD533
Reporter abuse_ch
Tags:RemcosRAT xz


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: Emily Dagner <administrator@cttcl.co>
Subject: New shipment order #934950260926
Attachment: New_shipment_order42542526_February.xz (contains "New_shipment_order#42542526_February.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/432e5e46e0dc2e8db583c47e920155beee1160a294d3c1c2397ff0be8bd1a2e4/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-02-26 02:20:05 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=imxf4rxa3qxi3nmdyr7jeakvx3xbcyfcstj4dqrzp7yl5c6rulsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

xz 432e5e46e0dc2e8db583c47e920155beee1160a294d3c1c2397ff0be8bd1a2e4

(this sample)

RemcosRAT

Executable exe f1e9d6eb71a715e5f47a5c6fa5d03e9c3b871a0e88c91c709ff67ab9311caf4e

  
Dropping
MD5 88f82763beb4dd0be4ea6cea7284e556
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f1e9d6eb71a715e5f47a5c6fa5d03e9c3b871a0e88c91c709ff67ab9311caf4e

Comments