MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ee60db86fd13ca9f8148d2ad0fa9447f2cad9567f432a62b3b684fcd070a5c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ee60db86fd13ca9f8148d2ad0fa9447f2cad9567f432a62b3b684fcd070a5c8
SHA3-384 hash: e23b204e5a4a36735a1d31ddc6150b3778b1535c953b16bb9baa6649b0c4852be5a4ec4d241e90a691a95124ae4caf87
SHA1 hash: 7af2d358c9cd9a4ae6ea4e2e7658f3c0dbd7f6b0
MD5 hash: f3e15593e3fd613e498f7960fc80ebad
humanhash: black-potato-seventeen-pizza
File name:QUOTATIONs82224_MM_MEGA_MARKET_VIETNAM_COMPANY_LIMITED.arj
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:196'040 bytes
First seen:2020-05-19 08:05:16 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 3072:Uis5NoDO8YU0bfGERXsOxD290o5a1Dw/oCBZst5wRyf/EZYp0GaDctrav5ePbIou:pKJ8d0xR8F9G1Dw/oCBZss4fcKXftraL
TLSH 031412A22F878D1AED71468DAF7FB861753124C50C0B3545B4AC30C192196EBEBE2F89
Reporter abuse_ch
Tags:arj RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: gazprominc.pw
Sending IP: 173.82.208.40
From: Nguyn Hoàng Vit Thu <info@gazprominc.pw>
Subject: REQUEST FOR QUOTATION
Attachment: QUOTATIONs82224_MM_MEGA_MARKET_VIETNAM_COMPANY_LIMITED.arj (contains "QUOTATIONs#82224_MM_MEGA_MARKET_VIETNAM_COMPANY_LIMITED.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 08:35:56 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n3ta3odp2e6kt6auruvnb6uui7zmvwkwp5bsuyvtw2cpzudquxea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

arj 6ee60db86fd13ca9f8148d2ad0fa9447f2cad9567f432a62b3b684fcd070a5c8

(this sample)

RemcosRAT

Executable exe 40838317f53ebe7b37fab29e95826e44ffd7eb7b349e8bed0f5d7ae5db013df1

  
Dropping
MD5 3b0804458d227f018df0be56d1f8abbf
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 40838317f53ebe7b37fab29e95826e44ffd7eb7b349e8bed0f5d7ae5db013df1

Comments