MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7add6350f70b99581a03183bd260bcf41c5e9efa284c48263d86f21caf8c042e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7add6350f70b99581a03183bd260bcf41c5e9efa284c48263d86f21caf8c042e
SHA3-384 hash: 8d4b9693fc9fd9abe38215c954404efd5c48f3f405857e907dc788d47939baa252b2de94da3ef9c8b71258e300bab526
SHA1 hash: a3b59c7f9db47bf9d25ed1093938d360455ba75f
MD5 hash: ea7309cd7cf28d7246cc6d8e1a5075f1
humanhash: oven-saturn-connecticut-helium
File name:Extracto_Adjunto_575335140974482750538658_9084247281065518948_520502051621730356095293964768_7338852
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:181'170 bytes
First seen:2020-12-28 08:01:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:P+6acuX9z7DN1JuuTky3Pm2W5SlnzCiHWG9bpraJzxx/yJMQ3BOEkD82/pXaX:bmNzvN1JuuTe2/zSGeJlxOz3UBKX
TLSH 610412A2B588DAE2052AC8D91096E3BD347312FE319EB71A30CF4EC15E979D11C671D7
Reporter abuse_ch
Tags:ESP geo Outlook RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM11-BN8-obe.outbound.protection.outlook.com
Sending IP: 40.92.20.37
From: info. Extracto <tesoreria77procolombia@outlook.es>
Subject: FACTURA EN MORA, REPORTE NEGATIVO EN DATACREDITO
Attachment: Extracto_Adjunto_575335140974482750538658_9084247281065518948_520502051621730356095293964768_7338852 (contains "Extracto_Adjunto_575335140974482750538658_9084247281065518948_520502051621730356095293964768_7338852805637669935222645_pdf.exe")

RemcosRAT C2:
databasepropersonombrecomercialideasearchwords.services

Intelligence

File Origin
# of uploads :
1
# of downloads :
500
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7add6350f70b99581a03183bd260bcf41c5e9efa284c48263d86f21caf8c042e/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-28 08:02:08 UTC
AV detection:
7 of 46 (15.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=plowguhxbomvqgqdda55eyf46qof5hx2fbgeqjr5q3zbzl4maqxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7add6350f70b99581a03183bd260bcf41c5e9efa284c48263d86f21caf8c042e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 7add6350f70b99581a03183bd260bcf41c5e9efa284c48263d86f21caf8c042e

(this sample)

RemcosRAT

Executable exe 7fbc66a1484382bd80fc757b9b0fd0e27f47e99d0cccb5c6a101597af82593fa

  
Dropping
MD5 ca49e6c9201fc0829a47d7e95901417e
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7fbc66a1484382bd80fc757b9b0fd0e27f47e99d0cccb5c6a101597af82593fa

Comments