MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 6


Intelligence 6 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca
SHA3-384 hash: 2734cf1ed57bee0a865c53183885fa75cd95abae53ee8d01ed9e9e919128fb61aed252d11ae88d519b45eb37a0fda7fe
SHA1 hash: 867641a84fb6b1c17d47579e4e799117f6caa2db
MD5 hash: 5e892b10db66eb725347e2bc97d146a1
humanhash: oregon-stream-autumn-cola
File name:rfq_last_quater_product_purchase_order_import_list_09_09_2024_00000024.7z
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:3'181 bytes
First seen:2024-09-09 06:00:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 48:9sGh1FZ5Dx1O0cIgRHFFJWOvLLznJLpUy5Uj2Kq3Dy9HkmEQZZgAob+QGhTB:eoFfN1OvRHDJWOvLPdWVjoDjmLZDoaQa
TLSH T159613A19C3FFAD17F1CC23749A889FBA03427EA01DADE241A402528666A50791C4BEAD
Magika zip
Reporter cocaman
Tags:7z RemcosRAT RFQ zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Edscha Hradec s.r.o. <trading.edsha@sbcglobal.net>" (likely spoofed)
Received: "from hwsrv-1241958.hostwindsdns.com (hwsrv-1241958.hostwindsdns.com [192.119.110.245]) "
Date: "8 Sep 2024 22:57:05 -0700"
Subject: "RE: final quater PO 2024."
Attachment: "rfq_last_quater_product_purchase_order_import_list_09_09_2024_00000024.7z"

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
43.226.229.234:57484 https://threatfox.abuse.ch/ioc/1322530/

Intelligence

File Origin
# of uploads :
1
# of downloads :
150
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:rfq_last_quater_product_purchase_order_import_list_09_09_2024_00000024.bat
File size:4'808 bytes
SHA256 hash: 4185f3b1d930ba69d0ce56cc57c84ea8cc1a0e716c4cc38034b2a11d9f7a4d75
MD5 hash: b2efe15b9de4f877fb4c18c61ff61320
MIME type:text/plain
Signature RemcosRAT
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30643.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66de83672b43a28a71757d74
Tags:
Encryption Execution Generic Network Stealth
Result
Verdict:
Unknown
File Type:
ZIP File
Link:
https://app.docguard.net/c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade
Link:
https://www.filescan.io/uploads/66de8f1f7fd554a24b9b3e62/reports/602b9fa0-6f38-4eb7-8877-dd17ea6f691e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca
Score:
100%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yz7c647qbk2qyw7ery75efsal7mgpeivuercthzpyeoeesf3uhfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip c67e2f73f00ab50c5be48e3fd216405fd8679115a122299f2fc11c4248bba1ca

(this sample)

RemcosRAT

Batch (bat) bat 4185f3b1d930ba69d0ce56cc57c84ea8cc1a0e716c4cc38034b2a11d9f7a4d75

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4185f3b1d930ba69d0ce56cc57c84ea8cc1a0e716c4cc38034b2a11d9f7a4d75
  
Dropping
RemcosRAT

Comments