MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3507c427f61711edc73e2ea4fe84bac8c420285ac0d2e160f39c1aa2ffe7557. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3507c427f61711edc73e2ea4fe84bac8c420285ac0d2e160f39c1aa2ffe7557
SHA3-384 hash: 2fa798592262038e89d4b3eb7cd82a380cab9d9fffecf801b41f49e25fb745579c4f4a6fe15a182ab59b63929a7ce493
SHA1 hash: 3c658b0aa6efe317aba1502e46b44b8962a4655f
MD5 hash: 4b3c318a3747a62ea3d57059b5e35e9c
humanhash: tennis-uniform-spaghetti-pennsylvania
File name:Quotation.uue
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:475'905 bytes
First seen:2024-08-14 17:08:23 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 12288:JMFjS5LETE8wEgc6Z5FMIoJZDN58A2c4S3VK9ZwbjHBj:uS52Qlc6lMIoJZn8A2c4OK9YjHBj
TLSH T14CA4235D4739D7DBF06A59E4E2A2F8CD667C01C633C990945609DBB70BA8638DCB708C
TrID 58.3% (.RAR) RAR compressed archive (v-4.x) (7000/1)
41.6% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:QUOTATION RemcosRAT RFQ uue


Avatar
cocaman
Malicious email (T1566.001)
From: "info@qiqnx.com" (likely spoofed)
Received: "from mail0.qiqnx.com (mail0.qiqnx.com [193.42.36.137]) "
Date: "12 Aug 2024 22:54:29 -0700"
Subject: "RFQ"
Attachment: "Quotation.uue"

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
CH CH
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21203.RarHeur.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66bce4b0aa5b40be0aa0359a
Tags:
Discovery Execution Generic Infostealer Network Static Stealth Trojan
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
borland_delphi fingerprint keylogger
Link:
https://www.filescan.io/uploads/66bce4af55c081148cc95cd3/reports/988cb3de-de89-4299-88ae-6ba9c46d6aa1/overview
Verdict:
Suspicious
Labled as:
Mal/DrodRar
Link:
https://www.hybrid-analysis.com/sample/c3507c427f61711edc73e2ea4fe84bac8c420285ac0d2e160f39c1aa2ffe7557
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c3507c427f61711edc73e2ea4fe84bac8c420285ac0d2e160f39c1aa2ffe7557/
Threat name:
Win32.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2024-08-13 17:10:24 UTC
File Type:
Binary (Archive)
Extracted files:
100
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ynihyqt7mfyr5xdt4lve72clvsgeeaufvqgs4fqphha2ul76ovlq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c3507c427f61711edc73e2ea4fe84bac8c420285ac0d2e160f39c1aa2ffe7557

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

uue c3507c427f61711edc73e2ea4fe84bac8c420285ac0d2e160f39c1aa2ffe7557

(this sample)

RemcosRAT

Executable exe 28a42f4606cc7e3f5acb4c516a5728f1d29ccf0a75d619e5e77279d8a4738cae

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 28a42f4606cc7e3f5acb4c516a5728f1d29ccf0a75d619e5e77279d8a4738cae
  
Dropping
MD5 32bed0dc51ae3921a0505fd023dbf5be

Comments