MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aeb17d09ab00f440c7247b9a2007a44b7c1c8be6f9f0215e604be41298167564. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aeb17d09ab00f440c7247b9a2007a44b7c1c8be6f9f0215e604be41298167564
SHA3-384 hash: 2ad5baedeb3e41eeb6d929f8e5466db84a6c075606f12a16eada5732b45a014bbdf0ce8253ff39dea3cbd9e79accbf6f
SHA1 hash: 03d6b1f0a66a8f6162fbda2bdf38f6f69560f80e
MD5 hash: a2fce3a656ff2b71ffc725a8f04b6bda
humanhash: lactose-skylark-lithium-fanta
File name:TT SWIFT COPY.r28
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:33'859 bytes
First seen:2021-01-27 15:46:45 UTC
Last seen:2021-01-27 19:45:25 UTC
File type: rar
MIME type:application/x-rar
ssdeep 768:tvU3kwAJLwiN3pKo8Ui4wvcHbyXj/d1RLTjl9mI0jA:lUYn3pKR74Wc7yT11JTjlUI0c
TLSH 05E2F1052744271A5EEAC9BB5F097646ADC3788BF4108E4DC9E8C5F638EB541AB3E13C
Reporter cocaman
Tags:r28 RemcosRAT


Avatar
cocaman
Malicious email (T1566.001)
From: ""Open Payment" <info@daimler.com>" (likely spoofed)
Received: "from slot0.anthonyveeder.com (slot0.anthonyveeder.com [45.85.90.2]) "
Date: "Wed, 27 Jan 2021 17:44:38 +0100"
Subject: "Re: Re: Proforma Invoice"
Attachment: "TT SWIFT COPY.rar"

Intelligence

File Origin
# of uploads :
5
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20210128-1256.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aeb17d09ab00f440c7247b9a2007a44b7c1c8be6f9f0215e604be41298167564/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-27 15:47:07 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
11 of 28 (39.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=v2yx2cnlad2ebrzeponcab5ejn6bzc7g7hyccxtajpsbfgawovsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/aeb17d09ab00f440c7247b9a2007a44b7c1c8be6f9f0215e604be41298167564

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar aeb17d09ab00f440c7247b9a2007a44b7c1c8be6f9f0215e604be41298167564

(this sample)

RemcosRAT

Executable exe d94aa8eba8dce581912552261b549bb8bcf04e8380fa68dc525c0d94236b761b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d94aa8eba8dce581912552261b549bb8bcf04e8380fa68dc525c0d94236b761b
  
Dropping
RemcosRAT

Comments