MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f9b49f412ff73f718feeca0ed96b14f6f1125158aa94bd4b4d24f74a181b50b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f9b49f412ff73f718feeca0ed96b14f6f1125158aa94bd4b4d24f74a181b50b
SHA3-384 hash: c85803a85cd145b3631df01ea19de2897b5cd5de8f6b6e1fcf641e64824f6c9f0c4d225f3f475253db5f90b485942b7c
SHA1 hash: 6157068bbc76daff592816e6d7e33f1aa633e251
MD5 hash: 2855b40546721b47545ae09d17a4c0e4
humanhash: december-dakota-west-seventeen
File name:Serfinanza_Adjunto_519031054904831346157241195_56508789676848804728771_5863236621189486284042048776_
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:191'023 bytes
First seen:2020-12-30 09:13:55 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:VzP1cRW0cITi85bY92HSt9ud0HPPC7K3IdmLW8msOSERyCduuloWvTwOc7pGSyF:VzNyWkioRo9ue0oLFOS67ZTVKpXyF
TLSH EC1422FE36E0AAD7553DE34A33A1D0B667EFFA3BDC1E369445E8329611D07244B06150
Reporter abuse_ch
Tags:ESP geo Outlook RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM11-DM6-obe.outbound.protection.outlook.com
Sending IP: 40.92.19.35
From: info. Extracto <tesoreria51procolombia@outlook.es>
Subject: FACTURA EN MORA, REPORTE NEGATIVO EN DATACREDITO
Attachment: Serfinanza_Adjunto_519031054904831346157241195_56508789676848804728771_5863236621189486284042048776_ (contains "Serfinanza_Adjunto_519031054904831346157241195_56508789676848804728771_5863236621189486284042048776_6472567995516717195390_pdf.exe")

RemcosRAT C2:
databasepropersonombrecomercialideasearchwords.services

Intelligence

File Origin
# of uploads :
1
# of downloads :
367
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.DrodRar-A.17319.10536.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f9b49f412ff73f718feeca0ed96b14f6f1125158aa94bd4b4d24f74a181b50b/
Threat name:
ByteCode-MSIL.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-12-30 09:14:07 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p6nut5as75z7ogh65sqo3fvrj5xrcjivrkuuxvfu2jhxjimbwufq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar 7f9b49f412ff73f718feeca0ed96b14f6f1125158aa94bd4b4d24f74a181b50b

(this sample)

RemcosRAT

Executable exe c40f80c23d8ff7cf3f28c2959f7017ac88cc12f7df50669c341a9a5add4bf76a

  
Dropping
MD5 75edb7694cc730e726f76c1b7d66e7aa
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c40f80c23d8ff7cf3f28c2959f7017ac88cc12f7df50669c341a9a5add4bf76a

Comments