MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6556d1518c9aad6443da0c1d1828de326944cc75890f6c237719ee3f68d87e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 7

SHA256 hash: a6556d1518c9aad6443da0c1d1828de326944cc75890f6c237719ee3f68d87e8
SHA3-384 hash: 33e6b86ca43ce7c0dd929c6f4484962560e72edc7982a9728ae7083f499b7d4efefaac982e879ad73ee9be60052aa0f3
SHA1 hash: 3886f11263212fdea21397c4b6319c6045472f73
MD5 hash: 53f32c52dc14e69addde4cba87b15984
humanhash: chicken-charlie-sierra-dakota
File name: REF 8047007 ALTERHA CHEM LLC LIST.IMG
Signature: RemcosRAT
File size: 1'900'544 bytes
First seen: 2023-03-29 10:59:39 UTC
Last seen: 2023-03-29 11:04:25 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:ze12zVZ97Dc+6yvxly1dJquB9SsFOrOHXLzCIrn0WRO5z:zeAR37P0fkoQbO10u
TLSH: T17295CD1DE1C071FBD61743B289E0E733A66FEED5161289CDD9E86DE7B2BF608041A205
TrID:
  50.6% (.ISO/UDF) UDF disc image (2114500/1/6)
  49.0% (.NULL) null bytes (2048000/1)
  0.1% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.ISO) ISO 9660 CD image (2545/36/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Reporter: cocaman
Tags: img RemcosRAT


cocaman
Malicious email (T1566.001)
From: "Shanis AK - ALTAHER CHEMICALS LLC <sales@towersenterprises.com>" (likely spoofed)
Received: "from general.towersenterprises.com (general.towersenterprises.com [83.137.158.171]) "
Date: "Wed, 29 Mar 2023 02:36:48 -0700"
Subject: "PURCHASE ORDER - UAE61 - 4510793563 - ALTAHER CHEMICALS LLC"
Attachment: "REF 8047007 ALTERHA CHEM LLC LIST.IMG"
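The headers quoted in the comment above carry two of the signals a mail gateway can score before the attachment is ever opened: an organisation in the From display name that does not match the sending domain, and a disc-image attachment. The Python below is an added example, not code from MalwareBazaar or from the reporter. The message it builds is constructed from the quoted headers; the recipient, body text and attachment bytes are invented, and the word-matching heuristic and extension list are the author's assumptions, not a vendor rule.

```python
"""Header and attachment triage for the malspam that delivered this sample.
Added example; the message is constructed from the headers quoted on the page."""
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

# Disc-image containers that Windows mounts as a drive letter on double-click.
CONTAINER_EXT = {".img", ".iso", ".vhd", ".vhdx", ".udf"}
DISC_IMAGE_TYPES = {"application/x-iso9660-image", "application/x-cd-image",
                    "application/x-raw-disk-image"}
NOISE = {"LLC", "LTD", "INC", "GMBH", "CORP"}   # legal suffixes, never in a domain


def build_sample_eml() -> bytes:
    """Constructed message: headers as quoted by the reporter, everything else
    (recipient, body, attachment bytes) invented for the demo."""
    msg = EmailMessage()
    msg["From"] = "Shanis AK - ALTAHER CHEMICALS LLC <sales@towersenterprises.com>"
    msg["To"] = "purchasing@example.invalid"
    msg["Subject"] = "PURCHASE ORDER - UAE61 - 4510793563 - ALTAHER CHEMICALS LLC"
    msg["Date"] = "Wed, 29 Mar 2023 02:36:48 -0700"
    msg["Received"] = ("from general.towersenterprises.com "
                       "(general.towersenterprises.com [83.137.158.171])")
    msg.set_content("Dear Sir, please find attached our purchase order.")
    msg.add_attachment(b"\x00" * 2048, maintype="application",
                       subtype="x-iso9660-image",
                       filename="REF 8047007 ALTERHA CHEM LLC LIST.IMG")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return the findings a gateway would log."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    display, addr = email.utils.parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower()
    # Heuristic: a company name in the display name should appear somewhere in
    # the sender's domain; short tokens and legal suffixes are ignored.
    org = [w for w in re.findall(r"[A-Za-z]{4,}", display) if w.upper() not in NOISE]
    if org and not any(w.lower() in domain for w in org):
        findings.append(f"display name {display!r} names an organisation "
                        f"absent from sender domain {domain}")

    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        names.append(name)
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in CONTAINER_EXT:
            findings.append(f"disc image attachment {name!r}; inspect its "
                            "contents rather than the container")
        if part.get_content_type() in DISC_IMAGE_TYPES:
            findings.append(f"attachment {name!r} declared as "
                            f"{part.get_content_type()}")

    return {"sender_domain": domain, "attachments": names, "findings": findings,
            "verdict": "suspicious" if findings else "no findings"}


if __name__ == "__main__":
    for line in triage(build_sample_eml())["findings"]:
        print("-", line)
```

A Received/From domain comparison is deliberately not included: in this message the relaying host and the sender domain agree, so it would not fire; the display-name check and the container-attachment check are what separate this lure from routine purchasing mail.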

Intelligence


File Origin
# of uploads: 3
# of downloads: 118
Origin country: n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: REF_8047.EXE
File size: 1'344'000 bytes
SHA256 hash: f853dbba694560317f4d0673da02ae77afce25d7eb4dc62f02ed0f5c750ce861
MD5 hash: 5d5e76e709b1df312317562127d3d0c0
MIME type: application/x-dosexec
Signature: RemcosRAT
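The container is an ISO 9660 disc image holding a single executable, which is what the archive listing above and the TrID guesses describe. The Python below is an added example, not MalwareBazaar's code and not the sample: it parses an ISO 9660 directory tree starting from the Primary Volume Descriptor, extracts every file, hashes it and flags executables by extension or by MZ header, and it also computes the four digests the entry lists (MD5, SHA1, SHA256, SHA3-384) so an analyst can match a local file against the IOCs. Because the real image is not reproduced here, build_iso() fabricates a minimal stand-in with a placeholder REF_8047.EXE; the sector layout (root directory at sector 18, payload at sector 19) and the placeholder bytes are assumptions for the demo.

```python
"""ISO 9660 triage: walk the directory tree of a disc image, extract each file,
hash it and flag executables. Added example for this MalwareBazaar entry; it is
not MalwareBazaar's code. build_iso() fabricates a minimal image with a
placeholder REF_8047.EXE so the script runs without the real sample."""
import hashlib
import struct

SECTOR = 2048            # ISO 9660 logical block size
FLAG_DIRECTORY = 0x02    # bit 1 of the directory record's file-flags byte
EXEC_EXTENSIONS = {".EXE", ".DLL", ".SCR", ".COM", ".BAT", ".CMD", ".LNK",
                   ".VBS", ".JS", ".HTA", ".PS1"}


def _le32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def _records(image, lba, size):
    """Yield (identifier, flags, extent_lba, data_len) for one directory extent.
    A zero length byte means padding up to the next sector boundary."""
    extent = image[lba * SECTOR:lba * SECTOR + size]
    pos = 0
    while pos < len(extent):
        reclen = extent[pos]
        if reclen == 0:
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = extent[pos:pos + reclen]
        idlen = rec[32]
        yield rec[33:33 + idlen], rec[25], _le32(rec, 2), _le32(rec, 10)
        pos += reclen


def iso_files(image):
    """Return [(path, bytes)] for every regular file, starting from the root
    directory record embedded in the Primary Volume Descriptor (sector 16)."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 PVD at sector 16 (UDF-only image?)")
    root = pvd[156:190]                       # 34-byte root directory record
    stack = [("", _le32(root, 2), _le32(root, 10))]
    files = []
    while stack:
        prefix, lba, size = stack.pop()
        for ident, flags, ext_lba, length in _records(image, lba, size):
            if ident in (b"\x00", b"\x01"):   # "." and ".." entries
                continue
            name = ident.decode("ascii", "replace").split(";")[0]  # drop ";1"
            path = f"{prefix}/{name}"
            if flags & FLAG_DIRECTORY:
                stack.append((path, ext_lba, length))
            else:
                files.append((path, image[ext_lba * SECTOR:ext_lba * SECTOR + length]))
    return files


def digests(data):
    """The four digests MalwareBazaar lists for a sample."""
    return {a: hashlib.new(a, data).hexdigest()
            for a in ("md5", "sha1", "sha256", "sha3_384")}


def triage(image):
    """One dict per file; executable if the extension is in the list or the
    content starts with an MZ header (a lure may rename the payload)."""
    out = []
    for path, data in iso_files(image):
        ext = "." + path.rsplit(".", 1)[-1].upper() if "." in path else ""
        out.append({"path": path, "size": len(data),
                    "executable": ext in EXEC_EXTENSIONS or data[:2] == b"MZ",
                    "sha256": hashlib.sha256(data).hexdigest()})
    return out


# ---- constructed stand-in image (not the real sample) ----------------------
def _both32(v):
    return struct.pack("<I", v) + struct.pack(">I", v)


def _both16(v):
    return struct.pack("<H", v) + struct.pack(">H", v)


def _record(ident, lba, length, flags):
    body = (_both32(lba) + _both32(length) + bytes(7) + bytes([flags, 0, 0])
            + _both16(1) + bytes([len(ident)]) + ident)
    total = 2 + len(body)
    total += total % 2                        # records are padded to even length
    return (bytes([total, 0]) + body).ljust(total, b"\x00")


FAKE_EXE = b"MZ" + bytes(62) + b"constructed placeholder, not the real dropper"


def build_iso(name=b"REF_8047.EXE;1", payload=FAKE_EXE):
    root_lba, file_lba = 18, 19               # layout chosen for this demo
    data = payload + bytes(-len(payload) % SECTOR)
    root = _record(b"\x00", root_lba, SECTOR, FLAG_DIRECTORY)
    pvd = bytearray(SECTOR)
    pvd[0] = 1
    pvd[1:6] = b"CD001"
    pvd[6] = 1
    pvd[40:72] = b"REF_8047".ljust(32)
    pvd[80:88] = _both32(file_lba + len(data) // SECTOR)   # volume size in sectors
    pvd[120:124] = _both16(1)
    pvd[124:128] = _both16(1)
    pvd[128:132] = _both16(SECTOR)
    pvd[156:190] = root
    term = bytearray(SECTOR)
    term[0] = 255
    term[1:6] = b"CD001"
    term[6] = 1
    rootdir = (root + _record(b"\x01", root_lba, SECTOR, FLAG_DIRECTORY)
               + _record(name, file_lba, len(payload), 0)).ljust(SECTOR, b"\x00")
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + rootdir + data


if __name__ == "__main__":
    img = build_iso()
    print("image sha256:", digests(img)["sha256"])
    for entry in triage(img):
        print(entry)
```

The parser reads only the ISO 9660 tree; TrID's top guess for this sample is "UDF disc image", and an image written with UDF alone carries no "CD001" descriptor at sector 16, in which case iso_files raises and a UDF reader or a loop mount is needed instead.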
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: context-iso packed

Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.CrypterX
Status: Malicious
First seen: 2023-03-29 11:00:08 UTC
File Type: Binary (Archive)
Extracted files: 16
AV detection: 6 of 37 (16.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RemcosRAT
img a6556d1518c9aad6443da0c1d1828de326944cc75890f6c237719ee3f68d87e8 (this sample)

Delivery method: Distributed via e-mail attachment

Comments