MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 940344ab80978b3654452a15c6a998ce5f76ffd540cd42ab864c33e44bf4ed68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 940344ab80978b3654452a15c6a998ce5f76ffd540cd42ab864c33e44bf4ed68
SHA3-384 hash: d5e3c0e45cffec584b084cf91248d718ca5b9a3a6757e734e8768ed0af886ae7c42005430bc0d95684791fc8da199dd7
SHA1 hash: 9fa7f9fc0186179b53eb5ed51b2ae8cfa8a9dc13
MD5 hash: 74d6799e9a29182d9b84c018bbe94ad3
humanhash: spring-blossom-island-coffee
File name:PO-1912679 De La Nueva Confirmación de Pedido,pdf.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:866'304 bytes
First seen:2020-06-03 15:33:05 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:YTLsqD0iSR50gLgzG/tixxBz4AvQFGXEuj3bzOOikh:YTo2SRugLvi5zJIMfj3
TLSH 74059D62F7A044B7D1371B39DC0B9AB8A43BBD116D38554A26EABC0C9F362873537193
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: cloudhost-162107.uk-south-2.nxcli.net
Sending IP: 165.84.219.121
From: ZEPPELIN COMPANY <info@zeppelin-la.com>
Subject: RE: RE: Confirmación del pedido
Attachment: PO-1912679 De La Nueva Confirmación de Pedido,pdf.iso (contains "PO-1912679 De La Nueva Confirmación de Pedido,pdf.exe")

RemcosRAT C2:
nagod.ddns.net:8811 (216.38.7.231)

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Geniso
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 01:01:00 UTC
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sqbujk4as6ftmvcffik4nkmyzzpxn76vidgufk4gjqz6is7u5vua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 940344ab80978b3654452a15c6a998ce5f76ffd540cd42ab864c33e44bf4ed68

(this sample)

RemcosRAT

Executable exe 3ea4fb15ddf420fa1e6f2212145d84cf85e92c525d5ed25a8465a7c6c294878b

  
Dropping
MD5 317531d5ce8f2b63eacc9c45da792e48
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3ea4fb15ddf420fa1e6f2212145d84cf85e92c525d5ed25a8465a7c6c294878b

Comments