MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b892322ae57a643e7faccc6db91924dfc511cb9dde1f3fabf71071b4d6da6cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b892322ae57a643e7faccc6db91924dfc511cb9dde1f3fabf71071b4d6da6cd
SHA3-384 hash: b0d1ecd145b63fe62fcf69d9fd36a9a85418c387a165473525178d6a446ed9500af5a37365b2952482bcba6f10d419dd
SHA1 hash: 7ff2a845b4f916ae8a0630e158b1a30aa051aead
MD5 hash: 5a6086524c9a65c6c90c0fa2cf033abd
humanhash: three-mango-eleven-network
File name:MY_UPS_FILE.ISO
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'245'184 bytes
First seen:2020-10-12 19:22:35 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:oOZlAvXBW34aSHxF5en1PwGP0eAMNzVn2Vd134de/:hlUM4aSHTUn1PQeLNzV2H1H/
TLSH 6145AFF3F2F14433C16726785C1B97BC6926BE132D28A8463AF91D4C6F39681792B193
Reporter abuse_ch
Tags:iso RemcosRAT UPS


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: interesting-sinoussi.40-77-67-34.plesk.page
Sending IP: 40.77.67.34
From: "UPS Customer Service" <customer@ups.com>
Subject: UPS - Pending delivery
Attachment: MY_UPS_FILE.ISO (contains "Akxqxgk_Signed_.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4b892322ae57a643e7faccc6db91924dfc511cb9dde1f3fabf71071b4d6da6cd/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-10-12 19:24:09 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=joesgivok6tehz72ztdnxemsjx6fchfz3xq7h6v7oedrwtlnu3gq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4b892322ae57a643e7faccc6db91924dfc511cb9dde1f3fabf71071b4d6da6cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 4b892322ae57a643e7faccc6db91924dfc511cb9dde1f3fabf71071b4d6da6cd

(this sample)

RemcosRAT

Executable exe dc1c1c501965a46f02d345785cd1ec1f9bdb74f2defe3402c9e2b4a6f0959b8a

  
Dropping
MD5 0aadca3dadd85510ecbf17130bc0a078
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dc1c1c501965a46f02d345785cd1ec1f9bdb74f2defe3402c9e2b4a6f0959b8a

Comments