MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97c45af0846e77c53cbe4bbfc77e8951d901b9f936ee43a84ff4264931af8312. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT
Vendor detections: 3

SHA256 hash: 97c45af0846e77c53cbe4bbfc77e8951d901b9f936ee43a84ff4264931af8312
SHA3-384 hash: 17c60dfc012081b4289fa29f29fcf698cca77cb5bca6fcb5f9aa7fb1090bfd7477e63bdd676471be0af6caf77e177281
SHA1 hash: 48fa883d9f37ba5aea9bf24f2cb1c556b1abb437
MD5 hash: 53cb599b6e336b1d9985b705eed200a0
humanhash: october-blossom-papa-tennessee
File name: 20NS10-A-R 20-9-7,pdf.zip
Signature: RemcosRAT
File size: 397,417 bytes
First seen: 2020-10-21 10:44:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:QOPomkDgT+XkwFXoZFbLKV1FcFC+j7vklgyo9NDFSZO+fN:BomkDPXYZpQcFCW7vklSQ
TLSH: 968423541DAF754B7FA3E3F061752D38B11B89683C5937B885BE34929CB2E48E70834A
Reporter: abuse_ch
Tags: RAT RemcosRAT zip


abuse_ch
Malspam distributing RemcosRAT:

HELO: llsk284-a17.servidoresdns.net
Sending IP: 82.223.190.42
From: "Konstantinidis Michalis"<jgenaro@pernoscorona.net>
Subject: PO 14704 - MEL - 20' TC Reefer / Sailing Schedule
Attachment: 20NS10-A-R 20-9-7,pdf.zip (contains "20NS10-A-R 20-9-7,pdf.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2020-10-21 10:45:06 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  RemcosRAT
    zip 97c45af0846e77c53cbe4bbfc77e8951d901b9f936ee43a84ff4264931af8312 (this sample)
      Dropping: RemcosRAT

Delivery method: Distributed via e-mail attachment

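The entry above describes the whole chain: a mail from the listed sender carrying a zip whose single member is an executable disguised with a ",pdf.exe" double extension. The script below is an added example, not part of the MalwareBazaar page or of abuse.ch's tooling: it takes the indicators printed in this entry and the reporter's comment (hashes, sending IP, From address, attachment name) and runs the checks a mail-gateway or SOC triage job would apply to an inbound attachment. The zip it inspects is constructed in memory with the campaign's decoy file name and a 64-byte "MZ" stub, so it is not the real sample and its hashes will not match the entry; the Received header it checks is likewise constructed.

```python
import hashlib
import io
import re
import zipfile

# Indicators copied from this MalwareBazaar entry and the reporter's comment.
IOC_HASHES = {
    "sha256": "97c45af0846e77c53cbe4bbfc77e8951d901b9f936ee43a84ff4264931af8312",
    "sha1": "48fa883d9f37ba5aea9bf24f2cb1c556b1abb437",
    "md5": "53cb599b6e336b1d9985b705eed200a0",
}
IOC_SENDER_IP = "82.223.190.42"
IOC_SENDER_ADDR = "jgenaro@pernoscorona.net"
IOC_ATTACHMENT = "20NS10-A-R 20-9-7,pdf.zip"

# Extensions Windows executes on double-click; a "document" should never carry one.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta")
# Document-style tokens that lures place right before the real extension.
DECOY_TOKENS = ("pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png")
_DECOY_RE = re.compile(r"[.,_ \-](?:" + "|".join(DECOY_TOKENS) + r")$")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, in the same form MalwareBazaar lists them."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True if any hash of `data` equals a hash listed for this entry."""
    h = file_hashes(data)
    return any(h[k] == v for k, v in IOC_HASHES.items())


def is_decoy_name(member_name: str) -> bool:
    """True for names like '20NS10-A-R 20-9-7,pdf.exe' or 'scan.pdf.scr': an
    executable extension preceded by a document-looking token. The separator is
    kept loose on purpose; this campaign used ',' where most lures use '.' or ' '."""
    base = member_name.rsplit("/", 1)[-1].lower()
    for ext in EXECUTABLE_EXTS:
        if base.endswith(ext):
            return _DECOY_RE.search(base[: -len(ext)]) is not None
    return False


def inspect_zip(zip_bytes: bytes) -> list:
    """Flag archive members that start with a PE header (MZ) or carry a decoy name.
    Only the first two bytes of each member are read, so large archives are cheap."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"
            decoy = is_decoy_name(info.filename)
            if is_pe or decoy:
                findings.append({"member": info.filename,
                                 "size": info.file_size,
                                 "pe_header": is_pe,
                                 "decoy_name": decoy})
    return findings


def mail_iocs(received_headers: list, from_addr: str, attachment_name: str) -> list:
    """Compare message metadata with the mail-level indicators from the reporter's comment."""
    hits = []
    if any(IOC_SENDER_IP in hdr for hdr in received_headers):
        hits.append("sending_ip")
    if from_addr.strip().lower() == IOC_SENDER_ADDR:
        hits.append("from_address")
    if attachment_name == IOC_ATTACHMENT:
        hits.append("attachment_name")
    return hits


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the attachment: a zip whose only member has the
    campaign's decoy name and a 64-byte 'MZ' stub. It is NOT the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("20NS10-A-R 20-9-7,pdf.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print("hash matches entry:", matches_known_sample(sample))
    for finding in inspect_zip(sample):
        print("suspicious member:", finding)
    # Constructed Received header mirroring the HELO and sending IP in the comment.
    print("mail IOC hits:", mail_iocs(
        ["from llsk284-a17.servidoresdns.net ([82.223.190.42]) by mx.example.test"],
        "jgenaro@pernoscorona.net",
        "20NS10-A-R 20-9-7,pdf.zip"))
```

The hash match is the weakest of the three checks: a repacked archive has a different SHA256 while the member name and the MZ header inside it stay the same, which is why the name and magic-byte checks are kept separate and are the ones worth turning into a gateway rule.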
Comments