MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 455f6d53160cb90e6f2b2c021f362260ebf90eee056fd8cf1315b67b8a74996f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT
Vendor detections: 3



SHA256 hash: 455f6d53160cb90e6f2b2c021f362260ebf90eee056fd8cf1315b67b8a74996f
SHA3-384 hash: c7eb93e7fbf616a4e70b1a134176f402fc0a8a8c46336394fad170b64e81a81440154e3f4bc9ae49fc9ff0f15108d571
SHA1 hash: 215217d8a9161482a1dba74211ba4c6a6d8635eb
MD5 hash: 9a7fd6bfee304a1cb689d88777a8dfc1
humanhash: michigan-alabama-mobile-seventeen
File name: FDA_certs.img
Signature: RemcosRAT
File size: 1'245'184 bytes
First seen: 2020-05-07 07:01:09 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:/clFC8OaHxs8PaSq7c2m9cxk65rE4tK007QOzzT2WamMg:/clFC8o8PaH7cVc
TLSH: 1D45088CB76D60AED813C435CA977C24EA236C76135E525F606770498BFFE86CE108B9
Reporter: abuse_ch
Tags: img RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: coho.com
Sending IP: 217.61.98.69
From: PETER B.LEWIS <adarapeter1@gmail.com>
Reply-To: byron@cglhkgs.online, peter-lewis20@live.com
Subject: Face mask
Attachment: FDA_certs.img (contains "FDA_certs.exe")

RemcosRAT C2s:
kmt.duckdns.org
kmt-2.duckdns.org

Intelligence

File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-08 03:11:00 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 14 of 31 (45.16%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > RemcosRAT > img 455f6d53160cb90e6f2b2c021f362260ebf90eee056fd8cf1315b67b8a74996f (this sample)
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
