MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9925a2dc52dc8375a39183f4961b6f3736a1d72d6684db613d7c860e61ecf069. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9925a2dc52dc8375a39183f4961b6f3736a1d72d6684db613d7c860e61ecf069
SHA3-384 hash: ef468e8ef4eabf1cee70504df29cb1260a5364c07c8b6f91527fca0a400228257ae751121c4fdde822039f779301b52c
SHA1 hash: 4e1f06eae0a1a852eba818dbe8b98983afcf96ff
MD5 hash: 7f154b440232d9ae4d2ffa2111cd8214
humanhash: robert-mockingbird-double-texas
File name:Parker-Processing Price List Quotation,pdf.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:794'624 bytes
First seen:2020-06-03 08:19:25 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:VVa3OouGLMvxj4ZV0Ebhs34epfCAyrWThyzfYQ9YYJHdf6:VVdouXxjWSEbhsba6Th4v3Jd
TLSH 72F48E33F6904437D22329799C0BA7B5A93ABE113E24AA4637ECCD9C4F7D7417529283
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: cloudhost-162107.uk-south-2.nxcli.net
Sending IP: 165.84.219.121
From: Vu Thi Hien <hien-vt@parker.com.vn>
Subject: RE: Price List Quotation
Attachment: Parker-Processing Price List Quotation,pdf.iso (contains "Parker-Processing Price List Quotation,pdf.exe")

RemcosRAT C2:
nagod.ddns.net:8811 (216.38.7.231)

Intelligence

File Origin
# of uploads :
1
# of downloads :
54
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:05:29 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tes2fxcs3sbxli4rqp2jmg3pg43kdvznm2cnwyj5psda4ypm6buq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso 9925a2dc52dc8375a39183f4961b6f3736a1d72d6684db613d7c860e61ecf069

(this sample)

RemcosRAT

Executable exe c7095f2c5ed61c9d667c69aba9d9bc5b87b93f7fad5f49b1d5c66c4eb11b745e

  
Dropping
MD5 f2ddacfda1b417c70ab76a1c700206cc
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c7095f2c5ed61c9d667c69aba9d9bc5b87b93f7fad5f49b1d5c66c4eb11b745e

Comments