MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bd678bf71a6b8c33bd6b03d2559ee5e43fef7b6449d48962a2c4032ce7a8138. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: 6bd678bf71a6b8c33bd6b03d2559ee5e43fef7b6449d48962a2c4032ce7a8138
SHA3-384 hash: 7724b41a2b6fe01ef8c94f52d1cfcc64da2e1687c93eaaecdf037696b74c3324543b5b8066268f1aec7d96120a67a9bc
SHA1 hash: 40dae7ff245da1fe5200bb9bd3d54271b2dbf339
MD5 hash: 31b1ec9f1787e4e1ea11914da6375ce5
humanhash: summer-paris-xray-lima
File name: 31b1ec9f1787e4e1ea11914da6375ce5.exe
Signature: RemcosRAT
File size: 845'824 bytes
First seen: 2020-05-18 16:46:39 UTC
Last seen: 2020-05-18 17:54:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a60eeb16c5e8e15ff22c79959616ed49 (4 x RemcosRAT)
ssdeep: 12288:5dnXgLQtMYV/abj5+Lt8zgW8JVfvNOzTDpsSRzamhlzKTjekpQiCBw8aC5y5sCN:5G8abG8fsloPDyeh9KGYKis
Threatray: 85 similar samples on MalwareBazaar
TLSH: C8057E27F2D08437C1232A3D9C5BAB689D3ABE513D186C466FE83D4C5F39782742A197
Reporter: abuse_ch
Tags: exe RAT RemcosRAT


abuse_ch
RemcosRAT C2:
deone.hopto.org:2048 (154.16.93.172)

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-05-18 17:36:11 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Script User-Agent
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments