MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92b74816e8e609f044a65b471fcb3b51964548ab832cf3d72c510fab5f781a00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RemcosRAT
Vendor detections: 4


SHA256 hash: 92b74816e8e609f044a65b471fcb3b51964548ab832cf3d72c510fab5f781a00
SHA3-384 hash: ce0374c2c65d07108edabae793348d6e2ff1da51b035a67238d1e86448cdfae3060b5d2b0652c76e4043ab2b11b589bb
SHA1 hash: ab89504d4652edc3df8ca4d5e3a3d054709c3c91
MD5 hash: 8093665d7876a336fa9555f52f3de18c
humanhash: mirror-equal-robin-two
File name: 2nd INVOICE FOR SMT NCPH.zip
Signature: RemcosRAT
File size: 451'322 bytes
First seen: 2020-10-07 17:16:45 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:A/qX9ZLqMDpA4bz3SOgnsQi+TvH78PWjCRVA4bZ:Su9V3DGE3SLnViqb8D7hbZ
TLSH: 14A423CC6872476C7B2FD8347382FD948ED45042A1BD2623BB68BCFB6617DA04476953
Reporter: abuse_ch
Tags: nVpn RAT RemcosRAT zip


abuse_ch
Malspam distributing RemcosRAT:

HELO: pro28.emailserver.vn
Sending IP: 103.15.48.248
From: DS Smith <admin@cgco.com.vn>
Subject: PLEASE TREAT AS URGENT-FINAL INVOICE FOR MT25
Attachment: 2nd INVOICE FOR SMT NCPH.zip (contains "2nd INVOICE FOR SMT NCPH.exe")

RemcosRAT C2:
23.105.131.157:62084

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-10-07 16:58:56 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Malware family: RemcosRAT
File: zip 92b74816e8e609f044a65b471fcb3b51964548ab832cf3d72c510fab5f781a00 (this sample)
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
