MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ed519741bc473365883ef6379a4396f9d995810ea8d4b3145f7a64beb5a1848. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ed519741bc473365883ef6379a4396f9d995810ea8d4b3145f7a64beb5a1848
SHA3-384 hash: 87cc067a5469069d001afc514bdc4b69723af0610f32c4c1920603739f249c978931a7b9a983cff8d028ef4b6f116bbc
SHA1 hash: 413f486cabfa6f3d14d89dce783e280623bdf58c
MD5 hash: 94deaddcf9ec041fb1353192ecdba6a4
humanhash: four-tennis-fruit-sad
File name:PO08-17062020.IMG
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'900'544 bytes
First seen:2020-06-17 18:21:20 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:m88RMlLc25p1sNakyTPouyefk4DJwPPhvAwo:mkFc2guyQbDJwXBA
TLSH F0955C61A2D19833C0231574DD26A368E829FF102939984E3FE97D485F3678DF82679F
Reporter abuse_ch
Tags:img RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: cloudhost-118159.nl-west-1.nxcli.net
Sending IP: 185.145.13.131
From: Maria <instituto@iaci.es>
Subject: PO#08-17062020
Attachment: PO08-17062020.IMG (contains "PO#08-17062020.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 15:31:40 UTC
AV detection:
18 of 30 (60.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n3krs5a3yrztmwed55rxtjbzn6ozswaq5kguwmkf66tex222dbea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img 6ed519741bc473365883ef6379a4396f9d995810ea8d4b3145f7a64beb5a1848

(this sample)

RemcosRAT

Executable exe 5178316a133ee4ce629f5b31ddc2fdb8fd6ff8a581174c0a21f41d44ebfcd88d

  
Dropping
MD5 2dbfc31d570c7db069024f30fd16af19
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5178316a133ee4ce629f5b31ddc2fdb8fd6ff8a581174c0a21f41d44ebfcd88d

Comments