MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d288f2ea49daa4323d1a496c42cbffdfbb148b634345ecc9147265bbdc43491. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9d288f2ea49daa4323d1a496c42cbffdfbb148b634345ecc9147265bbdc43491
SHA3-384 hash: fae39f96ceb07484ddc0ea8ebc8d542c37fdaa8ee67408e7915b3a480464187938f38306c51b009036eeaf1d4c5fbe78
SHA1 hash: 27cdc50b73ce48a9d2e773fbda57fe11a67a1d40
MD5 hash: cd8d11d11a4a2c38bfb1ba89a9e8cef6
humanhash: shade-jig-chicken-lemon
File name: 200630 Kloepfel Consulting GmbH.scr
Signature: RemcosRAT
File size: 696'320 bytes
First seen: 2020-06-30 13:43:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3dbf6c2cd2886e109ef90dcce86638b7
ssdeep: 12288:7e7+LHvP79bjBoxHyzKXAzgqGD4YdCIJuxd6Ur5IScz5ISF+gAuA1KzqrRUyqqjJ:qq779bjBoAzKXAPC4vYX/ebP2ocjc
TLSH: DFE4CF21B7D0953BDD5B1BB48C0F6AA86C267DA02E99584F3AF80CCE6B7D361342D153
Reporter: @abuse_ch
Tags: RAT RemcosRAT scr


Twitter
@abuse_ch
RemcosRAT C2:
coronanancy14-50163.portmap.io:50163

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 39
Origin country: US
CAPE Sandbox:
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/17244/
ClamAV:
  PUA.Win.Adware.Slugin-6803969-0
  PUA.Win.Adware.Slugin-6840354-0
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/9d288f2ea49daa4323d1a496c42cbffdfbb148b634345ecc9147265bbdc43491/
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Noon
  First seen: 2020-06-30 13:45:04 UTC
  AV detection: 23 of 31 (74.19%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 10/10
  Malware Family: remcos
  Link: https://tria.ge/reports/200630-fpvjq7vsen/
  Tags: persistence rat family:remcos
  Config extraction: coronanancy14-50163.portmap.io:50163
VirusTotal: Virustotal results 19.44%

Yara Signatures


Rule name: ach_RemcosRAT
Author: abuse.ch

Rule name: win_remcos_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

[Figure: Malspam, RemcosRAT, Executable exe 9d288f2ea49daa4323d1a496c42cbffdfbb148b634345ecc9147265bbdc43491 (this sample)]

Delivery method: Distributed via e-mail attachment

Comments