MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f121e68bbc9b81930ad67d8dad0dcee64c09d55f3518f9b5fee098e590f9eda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 4



SHA256 hash: 4f121e68bbc9b81930ad67d8dad0dcee64c09d55f3518f9b5fee098e590f9eda
SHA3-384 hash: 6574d6b3e4c0b7cdb83331501b5d95e49827c6fd4c5e909427377b6d8cd1b78820518959217f8dbd39342a8dc5b8cd6d
SHA1 hash: f23c1e53315f56cbee4c5e4f8673f6f529badf69
MD5 hash: f993e77df636e4ec2225238959d227d5
humanhash: wisconsin-bravo-ten-ceiling
File name: Scanxii_Signed_.img
Signature: RemcosRAT
File size: 1'703'936 bytes
First seen: 2020-07-21 07:43:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:Z0vtfbdNzTnlj/jllmyXkybwEIVKGfHNBJV2jjFP0Mqvf:Z0v9f/kxEIVRfHfJV2nFP0M
TLSH: C875AF13F3608D72D13315389C634ABD9B2BBF153625984D7AE6DF088F39181793A2A7
Reporter: abuse_ch
Tags: GoDaddy img RemcosRAT


abuse_ch
Malspam distributing unidentified malware:

HELO: p3plmtsmtp01.prod.phx3.secureserver.net
Sending IP: 184.168.131.12
From: Peybord Solutions <account@peybordco.com>
Subject: For Your Kind Attention (Ref ID: XIICBF)
Attachment: Scanxii_Signed_.img (contains "Scanxii_Signed_.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Avemariarat
Status: Malicious
First seen: 2020-07-21 07:45:06 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img 4f121e68bbc9b81930ad67d8dad0dcee64c09d55f3518f9b5fee098e590f9eda

(this sample)

Delivery method: Distributed via e-mail attachment
