MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46088f79e9eae56cdf3ca31ffcdaf70503c2cda55bb6e53d225fee76b6611c49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46088f79e9eae56cdf3ca31ffcdaf70503c2cda55bb6e53d225fee76b6611c49
SHA3-384 hash: ada17866c743efa97b9c1027dc5fde30df329f4cf61be5f72ed38856b3baf893644edc00f5f2ed6a35bea2ae65cd96cd
SHA1 hash: 18c566d6e5dc5aebe17632588a9426f00ec42c65
MD5 hash: 5284fb846132d541a879081393110ecd
humanhash: delta-minnesota-nineteen-island
File name:PO_Technical Spec_17.8.rar
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:335'658 bytes
First seen:2020-08-17 17:52:52 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:3566Dy54M2LJzTbOl/QnD0ns5ef4hvDOSxVEFdhzbCBt+23kJ28MN47+NpUradI:46DyB2Z0YD0nqjxeFdhzbDA+7MuintO
TLSH 0D6423EFD95B389AC0D2AC84C6538A69A433DC23F21B652D719F7962BA8C0D050F719D
Reporter abuse_ch
Tags:rar RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: poydorus.t.mk
Sending IP: 195.26.152.36
From: Andrei Stroie <dispomk@bomi10.com.mk>
Subject: Request offer for 2 pcs machines/trucks
Attachment: PO_Technical Spec_17.8.rar (contains "PO_Technical Spec_17.8.exe")

RemcosRAT C2:
rromaniitalfoodsinc.zapto.org:7762 (115.134.100.130)

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.10441.19707.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/46088f79e9eae56cdf3ca31ffcdaf70503c2cda55bb6e53d225fee76b6611c49/
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 17:54:08 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iyei66pj5lswzxz4ump7zwxxaub4ftnflo3okpjcl7xhnntbdreq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/46088f79e9eae56cdf3ca31ffcdaf70503c2cda55bb6e53d225fee76b6611c49

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 46088f79e9eae56cdf3ca31ffcdaf70503c2cda55bb6e53d225fee76b6611c49

(this sample)

RemcosRAT

Executable exe 0755d371e5549b67564d6dfa29600f76226a3dae42acaa8a6d0a82402e57bf86

  
Dropping
MD5 01b0998d34d0cce5c7281415ff91ff85
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0755d371e5549b67564d6dfa29600f76226a3dae42acaa8a6d0a82402e57bf86

Comments