MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 432f71ffe8228503c7696e5981fc8da33d44e0727f06ba6c756b9e733586a5a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RemcosRAT
Vendor detections: 5

SHA256 hash: 432f71ffe8228503c7696e5981fc8da33d44e0727f06ba6c756b9e733586a5a1
SHA3-384 hash: 7535298a62057f2e3d8cc32a506b2803d175ba9a598739922e91b05673427349f4d18c8648b000564de759defc329f67
SHA1 hash: d72cbf48168627ae8b8260b460731f8f4bdc100e
MD5 hash: fe13038f3db82296d07781ce38443bd0
humanhash: pennsylvania-skylark-fillet-fillet
File name: Doc_IMAGE-587HTY-9545-55401.rar
Signature: RemcosRAT
File size: 946'357 bytes
First seen: 2021-03-16 10:47:15 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:AiMrZF4qmNUZOu227O9nyHBHFujikm3EntvA0JKVaFi8Lm:8rRkUZ/G94umk0E5nJZLLm
TLSH: 5D15330B75976E0815A77949FE436FD4281EDDAAC84F9A9EB83A5870102ED1E4FF0037
Reporter: abuse_ch
Tags: Rackspace rar


abuse_ch
Malspam distributing unidentified malware:

HELO: smtp68.iad3a.emailsrvr.com
Sending IP: 173.203.187.68
From: Ajay Kumar <ajay@fairair.in>
Subject: FW: RTGS Payment sent
Attachment: Doc_IMAGE-587HTY-9545-55401.rar (contains "Doc_IMAGE-587HTY-9545-55401.exe")
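The malspam fields reported above (HELO, sending IP, From, Subject, attachment name) are exactly what a mail gateway or triage script should pull out of a captured message before comparing it against this entry's digests. The following is an added example, not code from MalwareBazaar or abuse.ch: it assembles a constructed .eml from the values in the comment (the Received line, the recipient, the body text and the attachment bytes are made up, so the digests it computes will not match the SHA256/SHA1/MD5 listed for the real sample), extracts the same IOC fields the entry lists, computes the SHA256/SHA3-384/SHA1/MD5 set, and applies a few cheap heuristics that this campaign's shape trips (finance lure in the subject, an archive attachment, a document-style name on a non-document). The `.invalid` hostnames and the `FAKE_RAR` blob are placeholders.

```python
"""Pull MalwareBazaar-style IOCs out of a malspam message and triage them.

Added example, not MalwareBazaar or abuse.ch code. The .eml is CONSTRUCTED
from the header values reported for this sample; the Received line,
recipient, body and attachment bytes are made up, so the digests computed
here will not match the entry's.
"""
from __future__ import annotations

import email
import hashlib
import json
import re
from email import policy
from email.message import EmailMessage

# SHA256 listed on the MalwareBazaar entry for the real attachment.
PAGE_SHA256 = "432f71ffe8228503c7696e5981fc8da33d44e0727f06ba6c756b9e733586a5a1"

# Constructed stand-in for the RAR payload: RAR5 magic followed by padding.
FAKE_RAR = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 64

ARCHIVE_EXTS = {"rar", "zip", "7z", "iso", "img", "ace", "arj", "cab"}
LURE_WORDS = ("payment", "invoice", "rtgs", "swift", "remittance", "purchase order")
DOC_LIKE_NAME = re.compile(r"^(doc|document|img|image|scan|invoice|payment)[_-]", re.I)

# Originating hop as written by the receiving MX: "from <HELO> (<rdns> [<ip>])".
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^)]*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)


def build_sample_eml() -> bytes:
    """Assemble the constructed malspam message as raw bytes."""
    msg = EmailMessage()
    # Constructed Received line; only the HELO and IP come from the entry.
    msg["Received"] = (
        "from smtp68.iad3a.emailsrvr.com (smtp68.iad3a.emailsrvr.com "
        "[173.203.187.68]) by mx.example.invalid with ESMTP; "
        "Tue, 16 Mar 2021 10:47:15 +0000"
    )
    msg["From"] = "Ajay Kumar <ajay@fairair.in>"
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "FW: RTGS Payment sent"
    msg.set_content("Please find the attached RTGS payment advice.")
    msg.add_attachment(FAKE_RAR, maintype="application", subtype="x-rar",
                       filename="Doc_IMAGE-587HTY-9545-55401.rar")
    return msg.as_bytes()


def hashes_of(data: bytes) -> dict:
    """The digest set MalwareBazaar lists (ssdeep and TLSH need extra libraries)."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def extract_iocs(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message into the fields abuse.ch reports for malspam."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Only the topmost Received header was written by our own MX; every line
    # below it was supplied by the sender and can be forged.
    received = msg.get_all("Received", [])
    m = RECEIVED_RE.search(str(received[0])) if received else None
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_content()
        if isinstance(data, str):
            data = data.encode("utf-8", "surrogateescape")
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        attachments.append({
            "filename": name,
            "mime": part.get_content_type(),
            "size": len(data),
            "archive": ext in ARCHIVE_EXTS,
            **hashes_of(data),
        })
    return {
        "helo": m.group("helo") if m else None,
        "sending_ip": m.group("ip") if m else None,
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "attachments": attachments,
    }


def triage(iocs: dict) -> list[str]:
    """Cheap gateway heuristics that fire on this campaign's shape."""
    reasons = []
    if any(w in iocs["subject"].lower() for w in LURE_WORDS):
        reasons.append("finance lure in subject")
    for att in iocs["attachments"]:
        if att["archive"]:
            reasons.append(f"archive attachment: {att['filename']}")
        if DOC_LIKE_NAME.match(att["filename"]):
            reasons.append(f"document-style name on non-document: {att['filename']}")
    return reasons


def known_bad(iocs: dict, sha256_set: set) -> list[str]:
    """Filenames whose SHA256 appears in a MalwareBazaar IOC set."""
    return [a["filename"] for a in iocs["attachments"] if a["sha256"] in sha256_set]


if __name__ == "__main__":
    iocs = extract_iocs(build_sample_eml())
    print(json.dumps(iocs, indent=2))
    print("triage:", triage(iocs))
    print("known bad:", known_bad(iocs, {PAGE_SHA256}))
```

Feed `extract_iocs` the raw bytes of a real capture and the `known_bad` check against the entry's SHA256 becomes meaningful; with the constructed blob it correctly reports nothing. The heuristics in `triage` are deliberately coarse (they will also flag legitimate archived invoices) and are meant for routing to sandboxing, not for blocking on their own.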

Intelligence


File Origin
# of uploads: 1
# of downloads: 136
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-03-16 10:48:06 UTC
File Type: Binary (Archive)
Extracted files: 24
AV detection: 10 of 45 (22.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  RemcosRAT
    rar 432f71ffe8228503c7696e5981fc8da33d44e0727f06ba6c756b9e733586a5a1 (this sample)

Delivery method: Distributed via e-mail attachment
Comments