MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d88086a02dc7a7bf54c9e8b86500ea59dca25e856bbb779473692c638ff9902. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d88086a02dc7a7bf54c9e8b86500ea59dca25e856bbb779473692c638ff9902
SHA3-384 hash: 287dc4e3db0a7093e4c8e0c2edd0a6533f61d05b61d44cd6bf5ccb8604a063be7d069e4a3dcc996f3f5aa494123badb0
SHA1 hash: 79e1743903e8ca7a2183131d7399052743e8bcb6
MD5 hash: 2e689f9bd66b22fb21fa2783714687dc
humanhash: fix-speaker-river-lima
File name:INVOICE DE BANQUE GALORE TES3.zip
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:425'113 bytes
First seen:2020-10-08 13:11:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:+J+VqkTRpxlo8dgFb32G0T72iHNkCVRI1Mcxf7Q/ReI9rKCQCo1vKvmg:+J+VxdGGPjkC7I1Mcm8I54CJmg
TLSH 17942328A0B8BC4DF7B60856DFC7EF08AD917D4C7659456B1EABAD1CCE362EE9005C10
Reporter abuse_ch
Tags:nVpn RAT RemcosRAT zip


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: pro28.emailserver.vn
Sending IP: 103.15.48.248
From: DS Smith <admin@cgco.com.vn>
Subject: PLEASE TREAT AS URGENT-FINAL INVOICE FOR MT25
Attachment: INVOICE DE BANQUE GALORE TES3.zip (contains "INVOICE DE BANQUE GALORE TES3.exe")

RemcosRAT C2:
23.105.131.157:62084

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7d88086a02dc7a7bf54c9e8b86500ea59dca25e856bbb779473692c638ff9902/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 06:14:22 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pweaq2qc3r5hx5kmt2fymuaouwo4ujpik253o6khg2jmmoh7teba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7d88086a02dc7a7bf54c9e8b86500ea59dca25e856bbb779473692c638ff9902

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 7d88086a02dc7a7bf54c9e8b86500ea59dca25e856bbb779473692c638ff9902

(this sample)

RemcosRAT

Executable exe bf7daffb305f782ab2a5744978ed4f3307872c83af09b298410dc3abf85f4d2c

  
Dropping
MD5 227fcaa1401145a5eee5a23806d462e0
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bf7daffb305f782ab2a5744978ed4f3307872c83af09b298410dc3abf85f4d2c

Comments