MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9414fa2c6ee491dcd25c4266b67d29da01c918a13803419890e5f282bc371ff9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 5



SHA256 hash: 9414fa2c6ee491dcd25c4266b67d29da01c918a13803419890e5f282bc371ff9
SHA3-384 hash: b01529e802d88e62efc1d7166d1f2bf25964e38adfa47be03476cf3a15b91b9da6630d7b09595dbb5102bc09dae98315
SHA1 hash: d9439642a55f91f8efd26893dbf47d74aad79a07
MD5 hash: 69989c33b50d5e350c89aa4f71e23edb
humanhash: monkey-montana-moon-item
File name: Attachment1.iso
Signature: RemcosRAT
File size: 1'441'792 bytes
First seen: 2021-03-04 15:26:50 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:raefnCzDZeGMM2uv/tuyOLnSTspTZzTlWQv9Q2ZwHRUhLCKWgjj:r5/cZeGMMDv/t4rSTUVwQF/KHRGWY
TLSH: 35658DF2A3914432C3921F350C2B73E76939BAE125D9A04ABAFD5D0C6F3D6D33929095
Reporter: abuse_ch
Tags: DHL, iso, RAT, RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: mail.issuedelivery.xyz
Sending IP: 161.97.147.167
From: Dhl Customer Support <dhl@orderstop.xyz>
Subject: Delivery Failed
Attachment: Attachment1.iso (contains "Document (2).exe")

RemcosRAT C2:
bruno.camdvr.org

Intelligence


File Origin
# of uploads: 1
# of downloads: 329
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2021-03-04 15:27:08 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 9414fa2c6ee491dcd25c4266b67d29da01c918a13803419890e5f282bc371ff9

(this sample)

  
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
