MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75dbeb9d3c43cf8ad17eca74dc39bd0d230731df3e37a5aa4cad4717bfd7e163. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	75dbeb9d3c43cf8ad17eca74dc39bd0d230731df3e37a5aa4cad4717bfd7e163
SHA3-384 hash:	fc2be70d7f597ec97541899dfb4b72576ea363775efcf2fede7592d306a964942c58a682e09dc0253906468a0e3d1754
SHA1 hash:	87df336d9f30685bcfeafde109f88881322535dd
MD5 hash:	299a974949fea5806eb1d797ee7ca3f8
humanhash:	twelve-fillet-social-hawaii
File name:	Vessel particulars.zip
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	39'351 bytes
First seen:	2020-12-15 18:07:30 UTC
Last seen:	2020-12-23 03:18:31 UTC
File type:	zip
MIME type:	application/zip
ssdeep	768:JdtIcV4574b3rz7srfxqrT60NhqVlNJBtVMbFM1niERy2WdFefd0ezCY:ZU570f4rJ2G3m1EAdFefd03Y
TLSH	6703F13CF32AE5B793210865DF4A135DA36CC8A47EA230278510B6F5C0B25C9D6B77D9
Reporter	GovCERT_CH
Tags:	RemcosRAT

Intelligence

File Origin

# of uploads :

13

# of downloads :

204

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_fs348.UNOFFICIAL

Win.Malware.Rescoms-6598304-0

Win.Malware.Zusy-6832224-0

Win.Malware.Azden-7587127-0

Win.Trojan.Remcos-9753190-0

Result

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/75dbeb9d3c43cf8ad17eca74dc39bd0d230731df3e37a5aa4cad4717bfd7e163/

Threat name:

Win32.Backdoor.Rescoms

Status:

Malicious

First seen:

2020-12-15 08:51:15 UTC

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=oxn6xhj4iphyvul6zj2nyon5burqomo7hy32lksmvvdrpp6x4frq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Remcos

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/75dbeb9d3c43cf8ad17eca74dc39bd0d230731df3e37a5aa4cad4717bfd7e163

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 75dbeb9d3c43cf8ad17eca74dc39bd0d230731df3e37a5aa4cad4717bfd7e163

(this sample)

exe fba79edaa01a2f2e1175412044ac38291573e2fa5681ac8083824f285be58ea6

Dropped by

RemcosRAT

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 fba79edaa01a2f2e1175412044ac38291573e2fa5681ac8083824f285be58ea6

Dropping

MD5 ca705aef9cc8a7b02f56acfa5869d4fb

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample