MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44beaae082739aac29ed63bf2624d2b3eb5fc407ff988374df481647fab01638. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: 44beaae082739aac29ed63bf2624d2b3eb5fc407ff988374df481647fab01638
SHA3-384 hash: 9f76e95059e7f67617e94d90bba3fcf1f30739412b505d09401be9c7bfe7764b9dce5d057d1573b7da0b0c45d31c2677
SHA1 hash: c36da91a2f02c49f7270a671eb6ee162c69d052d
MD5 hash: ef33de31362e7d20ffb6c64a0eede122
humanhash: lemon-lithium-uniform-ohio
File name: Resit DHL 8897209547, pdf.iso
Signature: RemcosRAT
File size: 468'992 bytes
First seen: 2020-06-10 06:17:55 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:nc5KalBldKk51U6fE5FCl2AGYYZLytEGxIERH1442N+u:nc5Ku91U6feKviL
TLSH: E1A46B9C7550BADFC827CD768A982C24AA217477431BD203A41B15ED9B4EADBCF142F3
Reporter: abuse_ch
Tags: DHL iso RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: vps.inebenthe.com
Sending IP: 45.95.169.158
From: DHL Express Cargo <delivery@dhl.com>
Subject: Penghantaran barang DHL
Attachment: Resit DHL 8897209547, pdf.iso (contains "Resit DHL 8897209547, pdf.exe")

RemcosRAT C2:
egommbute2020.ddns.net:7171 (185.19.85.135)


% Information related to '185.19.84.0 - 185.19.85.255'

% Abuse contact for '185.19.84.0 - 185.19.85.255' is 'abuse@datawire.ch'

inetnum: 185.19.84.0 - 185.19.85.255
netname: DATAWIRE-DATACENTERS
descr: CUSTOMERS ZG01
country: CH
admin-c: DA4314-RIPE
tech-c: DA4314-RIPE
status: ASSIGNED PA
mnt-by: DATAWIRE-NOC
created: 2013-09-23T14:18:55Z
last-modified: 2013-09-23T14:18:55Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.Remcos
Status: Malicious
First seen: 2020-06-10 06:19:04 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 44beaae082739aac29ed63bf2624d2b3eb5fc407ff988374df481647fab01638 (this sample)

Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
