MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c8770273774eee5b3ea7cb745ec4c05b98db8a2c383afda959e20f9983d5aba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c8770273774eee5b3ea7cb745ec4c05b98db8a2c383afda959e20f9983d5aba
SHA3-384 hash: 2ddd9e128edee6c622a548e7cd8dc150390bf90d9d65bed023ed4954a2381ac14c961229a85e83919e85c198373bb7dc
SHA1 hash: c1646650ac4d17dcc2eab611c97c27ca31c7f26c
MD5 hash: c67f0be99d5a51ad5bb22eb906a40e7d
humanhash: two-king-bulldog-nebraska
File name:QUOTATION REQUEST_20210305.ISO
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'245'184 bytes
First seen:2021-03-06 06:03:44 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:+BRp10LxQWz5CqiwSC2KUBxv5Bil9/3mRXTcotqtybTMhXZY8K9cB6ZGRr2qD2ni:+uBzHiHC2+3yXptqAuM9cIZGn
TLSH 1F45F1406B505290EFEC5BF45116D4C41361A09A1C9FE3282D4AA0ED2EFEB6E74E7CE7
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: slot0.allamaan-ae.com
Sending IP: 194.31.96.130
From: SALES04 <order@allamaan-ae.com>
Subject: RE: RFQ/AFTER SAMPLE TEST ORDER (QUOTATION REQUEST)
Attachment: QUOTATION REQUEST_20210305.ISO (contains "QUOTATION REQUEST.exe")

RemcosRAT C2:
awwes-antivirus.duckdns.org

Intelligence

File Origin
# of uploads :
1
# of downloads :
179
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45842459.2828.29636.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c8770273774eee5b3ea7cb745ec4c05b98db8a2c383afda959e20f9983d5aba/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-03-05 19:59:21 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=psdxajzxotxolm7kps3ul3cmaw4y3ofcyob27wuvtyqptgb5lk5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c8770273774eee5b3ea7cb745ec4c05b98db8a2c383afda959e20f9983d5aba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 7c8770273774eee5b3ea7cb745ec4c05b98db8a2c383afda959e20f9983d5aba

(this sample)

RemcosRAT

Executable exe e4e47b27c701e89ac6a550ab1f8ecb6058c79d9f9bca9a56ec71e3baf01dc545

  
Dropping
MD5 4fb1dc3bdbdb30872a97b942cf5a3194
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e4e47b27c701e89ac6a550ab1f8ecb6058c79d9f9bca9a56ec71e3baf01dc545

Comments