MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b75b3f2793c8fcef3fef020bf885d4885ff052695f7c9c2c77f6453846505a54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 7



SHA256 hash: b75b3f2793c8fcef3fef020bf885d4885ff052695f7c9c2c77f6453846505a54
SHA3-384 hash: 7c6386b5720f5ab28fed63902a90cc9e808551d59f340959c28caf6e4af5163e9cf1d94b2f1e9b4f30d97e6cf962157a
SHA1 hash: 4177394e45a6cd71b58c1348a47b68a570b761a2
MD5 hash: 10e2204ca0499ffc9cfa65682c3602bd
humanhash: romeo-wisconsin-april-two
File name: CHANGE OF ACCOUNT RUSH TO DESK.rar
Signature: RemcosRAT
File size: 301'856 bytes
First seen: 2022-05-10 06:16:31 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:cHiuspns7c/OVEITTe6pBf6p0B1u00D9fVYIYUBo95CLB9cG:cHi/TeOsfAL9fz/695C/cG
TLSH: T17F54220970AD2D45C23C4CBDA33D465B9EC6365BA11DFEC1A32EBB9CE391B1A260080D
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: rar RemcosRAT


cocaman
Malicious email (T1566.001)
From: "DA-Desk Mailing System<cm_team_beta@da-desk.com>" (likely spoofed)
Received: "from da-desk.com (unknown [96.9.245.119]) "
Date: "09 May 2022 15:12:59 -0700"
Subject: "RUSH TO DESK/ FRAUD ALART"
Attachment: "CHANGE OF ACCOUNT RUSH TO DESK.rar"

Intelligence


File Origin
# of uploads: 1
# of downloads: 205
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe greyware keylogger shell32.dll

Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Remcos
Status: Malicious
First seen: 2022-05-09 17:49:38 UTC
File Type: Binary (Archive)
Extracted files: 33
AV detection: 19 of 41 (46.34%)
Threat level: 5/5

Result
Malware family: modiloader
Score: 10/10
Tags: family:modiloader persistence trojan
Behaviour:
Suspicious use of WriteProcessMemory
Program crash
Adds Run key to start application
ModiLoader Second Stage
ModiLoader, DBatLoader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  RemcosRAT
    rar b75b3f2793c8fcef3fef020bf885d4885ff052695f7c9c2c77f6453846505a54 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: RemcosRAT

Comments