MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b254845ff2821f49fe41edc803320a247b10ec24ec31e92b3802f1c8361cb80d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: b254845ff2821f49fe41edc803320a247b10ec24ec31e92b3802f1c8361cb80d
SHA3-384 hash: f156228ffd14931da256ebf81c96f87431f6defcce1436cf074fa03afd8540aee35fa82abd0fd44a20cb61c01be4753f
SHA1 hash: e79621e3c5c1702b0036372f3b0c0a3205d549c2
MD5 hash: c467a314b46b8d09887a33b3ca4e01e3
humanhash: bulldog-maryland-romeo-nineteen
File name: New order is in the attached.r00
Signature: RemcosRAT
File size: 392'674 bytes
First seen: 2020-10-26 09:06:36 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:QwOJ5VmfUP6lJ3BsIR2iuu1wDVFNqV1wUpt5rDF7DHcFbdd2q0j45lP5bQMKo:hE5OUP6lFp71whqJxZH89Sq0jYh5bp
TLSH: 2A842347013536EE6348FB6C265682D623A8B292F75807DF9137D36E0524F2B50D2BBA
Reporter: abuse_ch
Tags: r00 RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: vps.pantin-hoes.com
Sending IP: 45.95.169.163
From: Rachel Hu <sales@cye.com.tw>
Subject: Re: new order
Attachment: New order is in the attached.r00 (contains "Purchase Order 04600-M21A.pdf.exe")
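The two things a practitioner does with an entry like this are to verify that a downloaded file really is the listed sample and to turn the reported malspam indicators into a mail-triage check. The following is an added example written for this page; it is not code from MalwareBazaar or abuse.ch. The hashes and indicators are copied from the entry above; the e-mail it parses is constructed here, its Received: header assumes the common "from <HELO> (<rDNS> [<IP>])" layout, the archive/executable extension lists are this example's own choice, and the names of files inside the attachment are supplied by the caller because archive extraction is out of scope.

```python
"""IOC checks for this MalwareBazaar entry (added example, not from the page).

matching_hashes(): compare a file's MD5/SHA1/SHA256/SHA3-384 with the entry.
triage_mail(): check a raw e-mail for the malspam indicators abuse_ch reported
(sending IP, HELO, From) and flag an archive attachment whose inner file name
carries a double extension ending in an executable type.
"""
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr

# Digests listed on the page for this sample (the .r00 archive itself).
ENTRY_HASHES = {
    "md5": "c467a314b46b8d09887a33b3ca4e01e3",
    "sha1": "e79621e3c5c1702b0036372f3b0c0a3205d549c2",
    "sha256": "b254845ff2821f49fe41edc803320a247b10ec24ec31e92b3802f1c8361cb80d",
    "sha3_384": "f156228ffd14931da256ebf81c96f87431f6defcce1436cf074fa03afd8540aee35fa82abd0fd44a20cb61c01be4753f",
}

# Malspam indicators from abuse_ch's comment.
MALSPAM_IOCS = {
    "sending_ip": "45.95.169.163",
    "helo": "vps.pantin-hoes.com",
    "from": "sales@cye.com.tw",
}

# Extension lists are an assumption of this example, not taken from the page.
ARCHIVE_EXTS = (".rar", ".r00", ".r01", ".zip", ".7z", ".ace", ".iso", ".img")
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

# Constructed message mimicking the reported malspam. The Received: line
# assumes the "from <HELO> (<rDNS> [<IP>])" layout; the base64 body is only a
# RAR magic prefix, not the real attachment.
SAMPLE_MAIL = b"""\
Received: from vps.pantin-hoes.com (vps.pantin-hoes.com [45.95.169.163])
\tby mx.example.invalid with ESMTP; Mon, 26 Oct 2020 09:06:36 +0000
From: Rachel Hu <sales@cye.com.tw>
Subject: Re: new order
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached order.
--b1
Content-Type: application/x-rar; name="New order is in the attached.r00"
Content-Disposition: attachment; filename="New order is in the attached.r00"
Content-Transfer-Encoding: base64

UmFyIRoHAA==
--b1--
"""


def digests(data: bytes) -> dict:
    """Hex digests of data for the four algorithms the entry lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_hashes(data: bytes, expected: dict = ENTRY_HASHES) -> list:
    """Names of the algorithms whose digest of data equals the expected value."""
    got = digests(data)
    return [k for k, v in expected.items() if got.get(k) == v.lower()]


def is_double_extension_exe(name: str) -> bool:
    """True for 'Purchase Order 04600-M21A.pdf.exe', False for 'report.pdf'."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in EXEC_EXTS


def triage_mail(raw: bytes, inner_names=()) -> list:
    """Return (indicator, detail) hits; inner_names are files found inside the
    attachment archive by whatever unpacked it (extraction is out of scope)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # The outermost Received: header is listed first; pull HELO name and peer IP.
    received = str(msg.get_all("Received", [""])[0])
    m = re.search(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    if m:
        helo, ip = m.group(1), m.group(2)
        if ip == MALSPAM_IOCS["sending_ip"]:
            hits.append(("sending_ip", ip))
        if helo.lower() == MALSPAM_IOCS["helo"]:
            hits.append(("helo", helo))
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender == MALSPAM_IOCS["from"]:
        hits.append(("from", sender))
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if fname.lower().endswith(ARCHIVE_EXTS):
            hits.append(("archive_attachment", fname))
    for name in inner_names:
        if is_double_extension_exe(name):
            hits.append(("double_extension_exe", name))
    return hits
```

Note that the hashes on this entry are those of the .r00 archive as uploaded, not of the "Purchase Order 04600-M21A.pdf.exe" it contains, so `matching_hashes` should be given the archive bytes; the inner executable will have its own digests. The double-extension check is deliberately narrow (an executable extension after another extension) so that a plain `setup.exe` is not flagged by it; whether bare executables in inbound archives are allowed is a separate mail-gateway policy decision.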

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-10-26 00:11:26 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  RemcosRAT
    r00 b254845ff2821f49fe41edc803320a247b10ec24ec31e92b3802f1c8361cb80d (this sample)
      Dropping: RemcosRAT

Delivery method: Distributed via e-mail attachment

Comments