MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3ced03dc8a59d08326c4f754de11577508af5a55582da5cd6297845e6c70358. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: c3ced03dc8a59d08326c4f754de11577508af5a55582da5cd6297845e6c70358
SHA3-384 hash: 2453b321a076ae72670128c6f8038c827d476b4334754e61791898739de768ce581b2b581429cfd406a585084a4394be
SHA1 hash: dfcffeff63f2c90f624fe9cf589e3485a05ecfad
MD5 hash: a72fc4da0c179f04d888c979f05a6b0a
humanhash: blue-oxygen-tennessee-red
File name: DHL invoice VNYI564714692.img
Signature: RemcosRAT
File size: 1'900'544 bytes
First seen: 2020-11-28 09:18:03 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:ciLDfJXRq+fowpGG7By3Z72mwD8gKmX9hIbEIK:ciLr5By3Z7NVgKA
TLSH: A495D02371A28436C111A5BD9E0780EE2F75FD67799CB50E3BD4AD0C8F3AA90E9150DB
Reporter: abuse_ch
Tags: DHL img RemcosRAT


abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.deinflae.com
Sending IP: 45.85.90.138
From: billing.help@dhl.com
Subject: Your latest DHL invoice : VNYI564714692
Attachment: DHL invoice VNYI564714692.img (contains "DHL invoice VNYI564714692.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 167
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-27 21:02:47 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img c3ced03dc8a59d08326c4f754de11577508af5a55582da5cd6297845e6c70358 (this sample)

Delivery method: Distributed via e-mail attachment
