MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b564e4c8f28fb518982189d031f651fd033e4d8e7970088c642a3b8c652a9acc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 4

SHA256 hash: b564e4c8f28fb518982189d031f651fd033e4d8e7970088c642a3b8c652a9acc
SHA3-384 hash: 718ecb4c71397f0fc2c20ad6205fc86c31dccc2224904ce6318a7ff3c5652f10d8193fda1852f77e16809b5dc961f994
SHA1 hash: c8edbdc81a06d30fa13ec747587e5d7c62565cef
MD5 hash: e94d1201ad65f892af77db199ec96d46
humanhash: crazy-minnesota-kitten-timing
File name: 7eec14e7cec4dc93fbf53e08998b2340.zip
Signature: RemcosRAT
File size: 493'056 bytes
First seen: 2021-02-15 19:42:25 UTC
Last seen: Never
File type: tar
MIME type: application/x-tar
ssdeep: 12288:bPSbGTS0a3ESKPCjIZq8ratAKuv+/PopVuEV2mvV:bPk0a3CCUAAKuIPopVuO
TLSH: 8FA4122E77E4E92AC9E96BBD988242241776F0300A1FDB1B3F6420BDAF013857F45657
Reporter: abuse_ch
Tags: nVpn RAT RemcosRAT zip


abuse_ch
Malspam distributing RemcosRAT:

HELO: slot0.groveressentials.xyz
Sending IP: 203.159.80.67
From: Oswaldo Hernández <order@groveressentials.xyz>
Subject: RV: rfq/Solicitud de Cotización 2021/02/15
Attachment: 7eec14e7cec4dc93fbf53e08998b2340.zip (contains "7eec14e7cec4dc93fbf53e08998b2340.exe")

RemcosRAT C2:
sandshoe.myfirewall.org:2404

Intelligence

File Origin
# of uploads: 1
# of downloads: 244
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Pwsx
Status: Malicious
First seen: 2021-02-15 19:43:06 UTC
AV detection: 6 of 46 (13.04%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RemcosRAT
  tar b564e4c8f28fb518982189d031f651fd033e4d8e7970088c642a3b8c652a9acc (this sample)

Dropping: RemcosRAT

Delivery method: Distributed via e-mail attachment