MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c679f46f8ffd45dd4dec3b21c35b50172be5e03e7b5b5f9ccae2ea47e3860b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c679f46f8ffd45dd4dec3b21c35b50172be5e03e7b5b5f9ccae2ea47e3860b6
SHA3-384 hash: 119803c9c08fd2994f1eaf90f4e520512db3ffbf79cfab976d456469db02eca11456abb441c57b15f361c223c4ec41da
SHA1 hash: 466d231a7b685e120f0c59a3b263c43fa2c2b829
MD5 hash: 6969f7bf775b91321e7978aa7dfcef9a
humanhash: romeo-undress-mobile-leopard
File name:Formal PO POWN200303885GSN,pdf.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:983'040 bytes
First seen:2020-05-19 06:09:27 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:MdvX6zWt8YVrL4fjlkNhIvgwGHd3jxv9A7BwkItGkWtK+Zd2QOf4yDA4B3Gc6pOP:M8qEfyIFGHFls4tYj+Rko2XpONR08
TLSH C3257D62F2D08433C123297D9D1B97A49D3ABE613E542C467BEC6D4C4F3A792343A297
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: fenix.gigabits.cl
Sending IP: 186.67.77.198
From: Nelly Juarez Reyes <orders@assaymatrix.com>
Subject: RE: Formal PO # POWN200303885/GSN
Attachment: Formal PO POWN200303885GSN,pdf.iso (contains "Formal PO # POWN200303885GSN,pdf.exe")

RemcosRAT C2:
nagod.ddns.net (216.38.7.231)

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 06:36:55 UTC
File Type:
Binary (Archive)
Extracted files:
98
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rrtz6rxy77kf3vg6yozbynnvafzl4xqd4623l6omvyxki7rymc3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 8c679f46f8ffd45dd4dec3b21c35b50172be5e03e7b5b5f9ccae2ea47e3860b6

(this sample)

RemcosRAT

Executable exe 663921e0ebe32e8c57da404739f780f14ce4e9a86c13d47530e25649df2324d8

  
Dropping
MD5 13902b68f0a2e0668f7ab0835892a171
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 663921e0ebe32e8c57da404739f780f14ce4e9a86c13d47530e25649df2324d8

Comments