MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b371d002c5cdc04dc83f47d413a17103d6325b13c945ff090952aa743b6e9205. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT
Vendor detections: 3


SHA256 hash: b371d002c5cdc04dc83f47d413a17103d6325b13c945ff090952aa743b6e9205
SHA3-384 hash: e852dcd804be9cc6b9c97a511407ef0504f0bd95c3aa4fb5a1de220be0d4ef485e10676670c5884a137a46b1937eba3c
SHA1 hash: 815e71accb773c61654a6939532f46fe0c65fc80
MD5 hash: 42e0fe24cb392a0dc23c0232959bad30
humanhash: muppet-one-summer-five
File name: PO93-DOC89345833_pdf.zip
Signature: RemcosRAT
File size: 164'635 bytes
First seen: 2020-07-13 11:58:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:Q6WlPys4Gv66Gy9yBl0HYI5e0VnMX1nwL2TrFxEWWlPWXzeFtXy57U:QpPys2DoyBlzcnMdEmmPWjeFtCW
TLSH: E8F31271C2AD4F6A931DB772A9D53AAD0DBA05BFB02B4BC2B0615D4F0394A1F8054CB8
Reporter: abuse_ch
Tags: RAT RemcosRAT zip


abuse_ch
Malspam distributing RemcosRAT:

HELO: li1640-29.members.linode.com
Sending IP: 172.104.60.29
From: Joyce Chen <dreamt2004@naver.com>
Reply-To: dreamt2004@naver.com
Subject: Purchase Order for #V20200 2020-07-06
Attachment: PO93-DOC89345833_pdf.zip (contains "PO93-DOC89345833_pdf.exe")

RemcosRAT C2:
109.169.89.116:2021

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Zmutzy
Status: Malicious
First seen: 2020-07-13 12:00:07 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RemcosRAT
  zip b371d002c5cdc04dc83f47d413a17103d6325b13c945ff090952aa743b6e9205 (this sample)
  Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment

Comments