MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b96d9eb0886685cec85a94646b9a1354a4bfc3c8efee34bf3c3f7e7d189943f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 4



SHA256 hash: b96d9eb0886685cec85a94646b9a1354a4bfc3c8efee34bf3c3f7e7d189943f2
SHA3-384 hash: f6d3f9eaa21f07c83fe891f8f6126aaec73b7e589445d4f8908c8d202341821dcf3b562786996d5ccc56d8cf95b9dec7
SHA1 hash: 4c959c31230d8f7120042e01121068f70610b157
MD5 hash: 07eb0078c6a042c32ae3c6e9ffc510c1
humanhash: hotel-steak-nevada-december
File name: UPS Detail.img
Signature: RemcosRAT
File size: 1'245'184 bytes
First seen: 2020-10-18 14:43:08 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:7oheYEdyDQLxPQDPod7A+pVIPr3L1sset9MVeSoGZF5:7oheYncLxPU87HpVeRssi9MsSf
TLSH: C445D025630A9FB5E03D93366158420257F5E15FE312E6AEBFBD42D84AE1F804373B1A
Reporter: abuse_ch
Tags: img RAT RemcosRAT UPS


abuse_ch
Malspam distributing RemcosRAT:

HELO: mysmtp1
Sending IP: 51.141.166.35
From: UPS Customer Service <pkinfo@ups.com>
Subject: UPS - Package Arrival Notification
Attachment: UPS Detail.img (contains "3Bzi8PzqwnAJZjY.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-18 12:59:26 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img b96d9eb0886685cec85a94646b9a1354a4bfc3c8efee34bf3c3f7e7d189943f2 (this sample)

Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
