MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfb1ce81ea67d3e4534a44873c68b3ac3579b563c1df1c491d768ae7fcde48f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bfb1ce81ea67d3e4534a44873c68b3ac3579b563c1df1c491d768ae7fcde48f2
SHA3-384 hash: 3683dc17cf14f5c2d4f6df1aedc09f50b983d70837e0357dc27791fe6c7089efd38a2f34fc08c917c71aec34ab36047e
SHA1 hash: 500da231fa79f247369587a474249b6997ef5a4b
MD5 hash: 67d63e2dd1029f70fd21ffc4cf65be45
humanhash: xray-monkey-speaker-north
File name:Cobro Juridico_055613636_4874191282_01958044356528390_673332273_117258353370705_58841967892234.tgz
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:257'788 bytes
First seen:2020-10-19 07:28:50 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:em4VTuGLlUNJe2vKIFVFEK8/K4A00nJzcwuYeb:2TuYcJVjfEP/3CnJ4wuYeb
TLSH E44423B6EFB414C790F1ED3783291C77F43089A55A1E31EAA6A22B51538D6E4F8F3805
Reporter abuse_ch
Tags:Outlook RAT RemcosRAT tgz


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM04-SN1-obe.outbound.protection.outlook.com
Sending IP: 40.92.11.53
From: TRACTOCAMIONES NEIVA <ventas_tracto@hotmail.es>
Subject: COBRO JURIDICO SERFINANZA
Attachment: Cobro Juridico_055613636_4874191282_01958044356528390_673332273_117258353370705_58841967892234.tgz (contains "Cobro Juridico_055613636_4874191282_01958044356528390_673332273_117258353370705_58841967892234_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.9289.22815.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bfb1ce81ea67d3e4534a44873c68b3ac3579b563c1df1c491d768ae7fcde48f2/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x6y45apkm7j6iu2kisdty2ftvq2xtnldyhprysi5o2fop7g6jdza._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bfb1ce81ea67d3e4534a44873c68b3ac3579b563c1df1c491d768ae7fcde48f2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar bfb1ce81ea67d3e4534a44873c68b3ac3579b563c1df1c491d768ae7fcde48f2

(this sample)

RemcosRAT

Executable exe ca62c5cf8e6f3260dbe15a469e90197612af8843d897f65c7fdde87554ebae51

  
Dropping
MD5 20421df94d144740eab515221a45d26e
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ca62c5cf8e6f3260dbe15a469e90197612af8843d897f65c7fdde87554ebae51

Comments