MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48c5071dda7f833151a7203aa78d3cbec6eb61bb845efc79dec3b53a4e24e4f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48c5071dda7f833151a7203aa78d3cbec6eb61bb845efc79dec3b53a4e24e4f3
SHA3-384 hash: 6dc196eb05270daccb41302d382ee7db883a330e3ba55f066ca2b4e4f58eac504f85b475a9090a4e90bea0f99ef6b8ac
SHA1 hash: a7fcb8d3ea4eb3402b77c8bb2094fd6ed64e7859
MD5 hash: b35b564bab670fabfad8de07f28e5b02
humanhash: magnesium-fillet-oscar-violet
File name:PO-IMG-00WDE21-00SW12-1102DD.r11
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:255'375 bytes
First seen:2020-11-25 06:42:38 UTC
Last seen:2020-11-27 09:38:38 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:F7y1qFqMCExrUDBXjJxKPUpdEXXjKxV8XyFJs9ik:F79IOBCE8MuxaIk
TLSH B44423A17B2D0B91BDE2CBB7B428979F0C6783166ED003C221550A6F5431923F37DE9A
Reporter GovCERT_CH
Tags:RemcosRAT

Intelligence

File Origin
# of uploads :
8
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48c5071dda7f833151a7203aa78d3cbec6eb61bb845efc79dec3b53a4e24e4f3/
Threat name:
ByteCode-MSIL.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-11-25 03:38:32 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jdcqoho2p6btcunhea5kpdj4x3dowyn3qrppy6o6yo2tutre4tzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/48c5071dda7f833151a7203aa78d3cbec6eb61bb845efc79dec3b53a4e24e4f3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 48c5071dda7f833151a7203aa78d3cbec6eb61bb845efc79dec3b53a4e24e4f3

(this sample)

RemcosRAT

Executable exe 2afd183ed90b0d240dad19c417fa762da0295aa0614dd20809b406e33ff2304f

  
Dropped by
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2afd183ed90b0d240dad19c417fa762da0295aa0614dd20809b406e33ff2304f
  
Dropping
MD5 150db24ad623a82ac4a0a0d1bab43f18

Comments