MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2023f37af520a842942bb67879acea7bd527ba36953d4be63fe05b0bc7811cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a2023f37af520a842942bb67879acea7bd527ba36953d4be63fe05b0bc7811cd
SHA3-384 hash: 08e549040f35bf7829cd6e978abd84c330ac5803a127623adddd3bcfbd1ad196d6d3947ea31e54fb707e125c38f8f5e3
SHA1 hash: e529ccf0239fbb5c45e187c5f88a44490b4b7a6d
MD5 hash: 8c164f228b31ade4e8799d101998c1e3
humanhash: tennessee-seventeen-island-december
File name:Payment Slip Invoice 154-pdf.gz
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:373'223 bytes
First seen:2020-05-20 17:47:06 UTC
Last seen:2020-05-21 08:04:23 UTC
File type: gz
MIME type:application/x-rar
ssdeep 6144:0/RqJy8X/qgX3XMG8HZ9twjbVDgj2cB1guZZqD+Gt2skc0/dHBbLzX3InbKhMf:vU8vBuZ9twf17clZZt490bLrIn2hG
TLSH 4E8423B1D0C6C5C40871299CCA8B703F1FBC6CB674A74659A7D3A306549E2C714AAFEB
Reporter abuse_ch
Tags:gz RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: node.com
Sending IP: 173.82.202.166
From: Anderson K<anderson@tammynpeterson.us>
Subject: Payment for Invoce N.154
Attachment: Payment Slip Invoice 154-pdf.gz (contains "Payment Slip Invoice 154-pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 18:35:44 UTC
File Type:
Binary (Archive)
Extracted files:
24
AV detection:
14 of 31 (45.16%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uibd6n5pkifiikkcxntypgwou66ve65dnfj5jptd7yc3bpdychgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

gz a2023f37af520a842942bb67879acea7bd527ba36953d4be63fe05b0bc7811cd

(this sample)

RemcosRAT

Executable exe 654dcb8cbaca77d6679523c36f44ea656e39a97ce7e4d6f91b089fe8d54f9787

  
Dropping
MD5 2973191282734f786aa482df0bf9bc61
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 654dcb8cbaca77d6679523c36f44ea656e39a97ce7e4d6f91b089fe8d54f9787

Comments