MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a6fa446ad69c55575f2c1035a3f15b01727f081e8d66d792370c5cd5d1d2a47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a6fa446ad69c55575f2c1035a3f15b01727f081e8d66d792370c5cd5d1d2a47
SHA3-384 hash: 702ad177907fbc62e853fb9ad1f86ab09d9e880b78c38e427830fbce84d8dfdd45b88d957a5ff630dd084dc296e51f38
SHA1 hash: 334b2501f98a3ba00b010ee20bbb2ca109caf38c
MD5 hash: be18cc26c133782e6762cb8392aaf6a4
humanhash: princess-maryland-johnny-lamp
File name:GST Invoice - No.SKDC2001006133.rar
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:821'040 bytes
First seen:2021-01-08 19:04:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:CwHFyD/4GuD/TxHIncap7qiojJoWO4UV05lJJHi8AY6PdAtYmJ/OelNSA4y6:Tlyr4PXxOcap7r6JoWe0i8R/Oely
TLSH C005234395F13AE34D3D22685F7B62FBB254823E6688BC1B2038FC6904D797631624E7
Reporter abuse_ch
Tags:rar RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: skdc-consultants.com
Sending IP: 212.83.46.26
From: M/s.SKDC Consultants Limited <info@skdc-consultants.com>
Subject: GST Invoice SKDC2001006133 Notification
Attachment: GST Invoice - No.SKDC2001006133.rar (contains "GST Invoice - No.SKDC2001006133.exe")

RemcosRAT C2:
212.83.46.26:4023

Intelligence

File Origin
# of uploads :
1
# of downloads :
308
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6a6fa446ad69c55575f2c1035a3f15b01727f081e8d66d792370c5cd5d1d2a47/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-08 19:05:07 UTC
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=njx2irvnnhcvk5psyebvupyvwalsp4eb5dlg26jdodc42xi5fjdq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6a6fa446ad69c55575f2c1035a3f15b01727f081e8d66d792370c5cd5d1d2a47

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 6a6fa446ad69c55575f2c1035a3f15b01727f081e8d66d792370c5cd5d1d2a47

(this sample)

RemcosRAT

Executable exe ec61eb67057660a18fa9d4465b12830c2bbded3234a401dd441176db16176803

  
Dropping
MD5 807d184706be5d985443653bab74c2a7
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ec61eb67057660a18fa9d4465b12830c2bbded3234a401dd441176db16176803

Comments