MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af12b8229cc9c53ec639cf37a146aad5bc89122225c3aaa8d2fda70a13e78f8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 4



SHA256 hash: af12b8229cc9c53ec639cf37a146aad5bc89122225c3aaa8d2fda70a13e78f8b
SHA3-384 hash: 14d9ee0abe5fcd43acd2fe8faa93de217c10ff1f23fbeefe88e80759bf980bc502ee74c4687f81c8862b382bb4daed04
SHA1 hash: c892dc6206af4230a76b1016f0d7ec5c5854d6be
MD5 hash: d87466f7848fa6ced5d4d6feac07107a
humanhash: michigan-november-triple-king
File name: Tax accessment details.img
Signature: RemcosRAT
File size: 1'572'864 bytes
First seen: 2020-10-19 10:38:09 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:bY2jsH0s30vuwlPMSGUzoPLLJ3SSsD8O1slNn5IswLOQ:bzjm02wKazmLF6sT1A
TLSH: CC757D33B2D24873D47329789D1B67A8AD3ABE102928B5463BF91C4C5F396413C7E297
Reporter: abuse_ch
Tags: img RemcosRAT


abuse_ch
Malspam distributing unidentified malware:

HELO: rdns1.bumbee.xyz
Sending IP: 51.254.83.62
From: ITAS Email.Services <ITAS.Email.Services@mof.gov.na>
Subject: IRD Assessment Notice for Tax Return
Attachment: Tax accessment details.img (contains "Tax accessment details_849408739380383672292897263.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-19 07:50:07 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img af12b8229cc9c53ec639cf37a146aad5bc89122225c3aaa8d2fda70a13e78f8b (this sample)

Delivery method: Distributed via e-mail attachment
