MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b1fa9ed31674ba240393dbdca2a9828596c0263bfad536799ae2b019bdc47a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9b1fa9ed31674ba240393dbdca2a9828596c0263bfad536799ae2b019bdc47a1
SHA1 hash: ff2a1439ea8780902bd14f6fe6083663353a2218
MD5 hash: 09b8027dd2b03e2970f70ac8a4672631
File name: PO87155-05232020.IMG
Signature: RemcosRAT
File size: 1'245'184 bytes
First seen: 2020-05-23 11:57:56 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:lPF3GLJImiaJE64FWsF6/CoRwUj4hyDyC0kZKV6DVht1:lPF3GLMtmKTyIymkso
TLSH: 48459C2D439CAA5BD6BD77B9D4D54108E2F68DAF7119E38AEC4A30E51B3B343E802147
Reporter: @abuse_ch
Tags: img RAT RemcosRAT


Twitter
@abuse_ch
Malspam distributing RemcosRAT:

HELO: server.rentabilizandonegocios.com
Sending IP: 185.50.199.142
From: Aadrik Banerjee <info@satco.sa>
Subject: #PO87155-05232020
Attachment: PO87155-05232020.IMG (contains "PO87155-05232020.scr")

RemcosRAT C2:
206.123.129.103:4565

Intelligence


Mail intelligence:
  Trap location: Global
  Impact: Low
# of uploads: 1
# of downloads: 21
Origin country: US
ClamAV: SecuriteInfo.com.MSIL.Kryptik.UCB.9685.UNOFFICIAL
VirusTotal results: 11.48%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img 9b1fa9ed31674ba240393dbdca2a9828596c0263bfad536799ae2b019bdc47a1 (this sample)

Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
