MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58041c57728dd0597d3d009fcf902df1d9b9910b8b49b8021695344573da9885. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58041c57728dd0597d3d009fcf902df1d9b9910b8b49b8021695344573da9885
SHA3-384 hash: bedd116b46fefd9ec3f7fc0cd79b57b50f8a7e4a2f0c4382aba053c069df2edb7428d6c0b05a2d168997a34177cba398
SHA1 hash: 72e6078314587b84fe9f7823ff1c7fb40802f422
MD5 hash: 62ea41aa602bd4f7cea53401b0738636
humanhash: idaho-helium-mango-fish
File name:Hormann Mexico SA de CV- Nuevo pedido.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'081'344 bytes
First seen:2021-02-10 16:54:44 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:q82glUZCAYAIo4Kv8dSF8f+W2RoVep9J7dEtOw8Ps1j:R2oWPIo9v8de5+efdm78Pkj
TLSH 4A357DF17BA14437E0133ABA9C5A53A469263DA8695C484EB7B4FE0A7F357853CC804F
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: server.doole.io
Sending IP: 188.40.83.134
From: Zavala Cristian <cotizacion.mty@hormann.com.mx>
Subject: RE: Hormann Mexico SA de CV- Nuevo pedido
Attachment: Hormann Mexico SA de CV- Nuevo pedido.iso (contains "Hormann Mexico SA de CV- Nuevo pedido.exe")

RemcosRAT C2:
marstonstyl247.ddns.net:8364

Intelligence

File Origin
# of uploads :
1
# of downloads :
157
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58041c57728dd0597d3d009fcf902df1d9b9910b8b49b8021695344573da9885/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-02-10 15:48:03 UTC
AV detection:
14 of 45 (31.11%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lacbyv3srxifs7j5acp47ebn6hm3teilrne3qaqwsu2ek462tccq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/58041c57728dd0597d3d009fcf902df1d9b9910b8b49b8021695344573da9885

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 58041c57728dd0597d3d009fcf902df1d9b9910b8b49b8021695344573da9885

(this sample)

RemcosRAT

Executable exe 2a914a931b749d964e9087d25ec502a25c22118c24e0239e7b9a73af3d4a6779

  
Dropping
MD5 caaab386fc7aad937d52d752b6ea335b
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2a914a931b749d964e9087d25ec502a25c22118c24e0239e7b9a73af3d4a6779

Comments