MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72d49ddcb1d28ca64ae0ac6e3cb9efd661df0bf4b5613df32f2c51bde727b935. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	72d49ddcb1d28ca64ae0ac6e3cb9efd661df0bf4b5613df32f2c51bde727b935
SHA3-384 hash:	6aa1ba4ca217c6b913a150d3f07607a1c9c2c798b2a7d719f8b8d4665129c8cf869f46edeee1accf342a9e8b30ff6896
SHA1 hash:	0a055edf8973ddb6a929a53b241488d7a4aeafc8
MD5 hash:	21f852ae912befd4084cc9c82cb6a3a0
humanhash:	pennsylvania-steak-hawaii-oklahoma
File name:	Order no 2.rar
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	190'381 bytes
First seen:	2021-01-15 15:49:30 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	3072:y0pxYu8Ldm7+7nc+gmoCOcmd9QkdHbO0Cv8Oz7cVEaNZfZoP0tUtUS/z1EFwtzwh:LpIBm7r+CCBu1dS8Oz7afZoP0tUtUS/A
TLSH	601412A7FA95BCF2EC0BC8D116AFDE6792115EF8756927C62721CDC399C4084D238029
Reporter	abuse_ch
Tags:	Hostwinds rar

abuse_ch

Malspam distributing unidentified malware:

HELO: hwsrv-825280.hostwindsdns.com
Sending IP: 192.236.192.247
From: info@exporteria.com
Subject: Price Quotation Request
Attachment: Order no 2.rar (contains "Order no 2.exe")