MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 737b26b330f6ff5a3987d564fdab9c07d6ab1fd9240a6b8635b213e7dd9ec870. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: 737b26b330f6ff5a3987d564fdab9c07d6ab1fd9240a6b8635b213e7dd9ec870
SHA3-384 hash: e4a24f3b5ed591055f7f454c16cf56fed4c46ac8f717b06076bdb2d1419d09ede3728f4b66831b82352d3fd77cd51883
SHA1 hash: a5fcea658e05fccebcd1a92f282f74da9d01d722
MD5 hash: 5f1a76ad1726d7594e32c47026c11114
humanhash: zebra-seven-leopard-mexico
File name: STATEMENT OF ACCOUNT.IMG
Signature: RemcosRAT
File size: 1'900'544 bytes
First seen: 2020-11-28 09:21:32 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:biLDfJXRq+fowpGG7By3Z72mwn8gKmX9hIbEIK:biLr5By3Z7N5gKA
TLSH: 2A95D123B1A28435C211A9BD9E1780FD3F75FD627958B50E3BD4AD0C8F3AA80E9151DB
Reporter: abuse_ch
Tags: img RemcosRAT


abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.deinflae.com
Sending IP: 45.85.90.138
From: accountspayable@aalco.com
Subject: STATEMENT OF ACCOUNT
Attachment: STATEMENT OF ACCOUNT.IMG (contains "STATEMENT OF ACCOUNT.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 164
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-28 09:22:18 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img 737b26b330f6ff5a3987d564fdab9c07d6ab1fd9240a6b8635b213e7dd9ec870 (this sample)

Delivery method: Distributed via e-mail attachment
