MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48429cee78cfa36990982a19a168f35e62b1988b0bf492a87e1db4ae9237a96a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48429cee78cfa36990982a19a168f35e62b1988b0bf492a87e1db4ae9237a96a
SHA3-384 hash: a2619351d7186dc9ddbcd3ac5d47a85eff701bcd77ce7a9c39194fdbd76947f4c76c76d9df5e90682f21b4e849766109
SHA1 hash: e05fa4e848e33dfcf9ee88a2fc74eca4b1a5206d
MD5 hash: 6c386348edc94f5c8c57c57a928bd60c
humanhash: angel-hotel-angel-carbon
File name:PO 16790-27OCT2020INV,pdf.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:903'168 bytes
First seen:2020-10-28 06:49:58 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:GqBsCOrtV8uOt0AbHxxXbhc9K2VQQQOKS8mt9VjW:zk3VjW
TLSH F715E92D998415A2F133A676A0F54597BBA42DC67BF81C4B11C23B0939FAE033D9734E
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: s7.itlinkonline.com
Sending IP: 95.217.94.198
From: Pereira Azevedo <info9@zeppelin-la.com>
Subject: Nueva confirmaciĆ³n de pedido PO-1912679
Attachment: PO 16790-27OCT2020INV,pdf.iso (contains "PO 16790-27OCT2020INV,pdf.bat")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48429cee78cfa36990982a19a168f35e62b1988b0bf492a87e1db4ae9237a96a/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 16:34:45 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jbbjz3tyz6rwteeyfim2c2htlzrldgelbp2jfkd6dw2k5erxvfva._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/48429cee78cfa36990982a19a168f35e62b1988b0bf492a87e1db4ae9237a96a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 48429cee78cfa36990982a19a168f35e62b1988b0bf492a87e1db4ae9237a96a

(this sample)

RemcosRAT

Executable exe 608ccbae2c8c4962a96eea034a796a354d781f172b33d3396836f141f3e50a27

  
Dropping
MD5 4fad8663894501e5d1f1a0f574519a7c
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 608ccbae2c8c4962a96eea034a796a354d781f172b33d3396836f141f3e50a27

Comments