MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 828b5e900fe707ed2e0614fcaa0e566c89f8beb8dcb431183f6981518b973fbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: 828b5e900fe707ed2e0614fcaa0e566c89f8beb8dcb431183f6981518b973fbd
SHA3-384 hash: 0cd2df9908c8fe08029f1ab7017bfd1660c72ba518b1c9fd7fdb7db8f612ca185fc2bed7e6ab2d1b2579c25d18622ecf
SHA1 hash: 32bb59d9c85e655d26b3391bddab87918112c674
MD5 hash: 2b3571045fab1c72d5bdb0bdf16655ec
humanhash: sierra-hot-early-blue
File name: KRAHN PURCHASE ORDER_102120,pdf.iso
Signature: RemcosRAT
File size: 1'128'448 bytes
First seen: 2020-10-21 10:10:49 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:3hVKeF40BRicbRToD1whMmvlThTD3mG91gX2jU6vK4fMsdF6eID:3hU0RicG6b9T17mG9uX2NKDkF6zD
TLSH: 46356C627290C332D072C6B9CD5EA6787599FE40ED287846F7EC7D4A6F35E81202B247
Reporter: abuse_ch
Tags: iso, RemcosRAT


abuse_ch
Malspam distributing unidentified malware:

HELO: s7.itlinkonline.com
Sending IP: 95.217.94.194
From: KRAHN Chemie Deutschland GmbH <sales.de@krahn.eu>
Subject: KRAHN PO_102120
Attachment: KRAHN PURCHASE ORDER_102120,pdf.iso (contains "KRAHN PURCHASE ORDER_102120,pdf.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Skeeyah
Status: Malicious
First seen: 2020-10-21 09:33:43 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  RemcosRAT
    iso 828b5e900fe707ed2e0614fcaa0e566c89f8beb8dcb431183f6981518b973fbd (this sample)

Delivery method: Distributed via e-mail attachment
