MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c010256c652df9d3d2f1d2d013a88292739931fdae1bfcc0ae87a98ba3622ee0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 2



SHA256 hash: c010256c652df9d3d2f1d2d013a88292739931fdae1bfcc0ae87a98ba3622ee0
SHA3-384 hash: 92618b983490a9f46738c92f5096f9a7239141919498368dd2b533d59666da8e3514a67cd8b71ad3e5da64e990456436
SHA1 hash: c56b81ad9aaef47cfe08891e42a83f251a6975d8
MD5 hash: bf52890770cb30892e3574e40a91f9fa
humanhash: xray-mike-pip-alpha
File name: Shipping Document PL BL 960.iso
Signature: RemcosRAT
File size: 1'087'488 bytes
First seen: 2021-01-13 06:00:15 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:LZudkfCufXzfNcL6W9/lJHT6HJdIr6S2sQRbvVttjADJ946EvP:LffpPzfNcvDJzudkJ2sg3xU94P
TLSH: 1D352A40ABD84700F3BD27BC697040615BF6FB95E7B8E31CF86C506A5BA2D5080BE762
Reporter: abuse_ch
Tags: DHL iso RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: mail9.alfaspeedy.com
Sending IP: 128.199.1.186
From: DHL Express <delivery@dhl.com>
Subject: Commercial Invoice & BL
Attachment: Shipping Document PL BL 960.iso (contains "Shipping Document PL& BL 960.exe")

RemcosRAT C2:
favour2021.ddns.net:1990

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
RemcosRAT
iso c010256c652df9d3d2f1d2d013a88292739931fdae1bfcc0ae87a98ba3622ee0 (this sample)

Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment