MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c2321e3f0928e3ddcc82bef42f2ff5c046da1c2ef2a0ff24f8e59f8133abbed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 3

SHA256 hash: 6c2321e3f0928e3ddcc82bef42f2ff5c046da1c2ef2a0ff24f8e59f8133abbed
SHA3-384 hash: b810a98d94329c689eeececc08c40a0cb7e4762f6acd849f368f2474301fad1ec8751ece18650482494f38be9e50c11c
SHA1 hash: f5ff79f4f7f14c1959f640cab284768ef3029443
MD5 hash: bd3180256ce97f33e5f178c344f8928d
humanhash: helium-seventeen-delta-carbon
File name: ORDER_6353745.cab
Signature: RemcosRAT
File size: 354'591 bytes
First seen: 2021-02-09 12:58:14 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:X8dKAT2uSOfEULvJYnLh6sz4rk4P0H6/7YKm2Tu2Ai7l55j:X8d5TXvLvOnd/zs0oYp2nH7lr
TLSH: 2F7423F8A8F12EEA60DDC39A2A2D22512CF243C42477704B8D5F1777B64EFB91896705
Reporter: cocaman
Tags: cab

cocaman
Malicious email (T1566.001)
From: "Mikhailenko Elena Vladimirovna <mihaylenko@alekogroup.ru>" (likely spoofed)
Received: "from server.doole.io (server.doole.io [188.40.83.134]) "
Date: "Tue, 09 Feb 2021 12:29:27 +0000"
Subject: "RE: OUR REVISED ORDER 9/02/2021"
Attachment: "ORDER_6353745.cab"

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Infostealer.BestaFera
Status: Malicious
First seen: 2021-02-09 12:59:06 UTC
File type: Binary (Archive)
Extracted files: 71
AV detection: 19 of 28 (67.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RemcosRAT, rar 6c2321e3f0928e3ddcc82bef42f2ff5c046da1c2ef2a0ff24f8e59f8133abbed (this sample)
Delivery method: Distributed via e-mail attachment

Comments