MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb4a633a4d6eb514adc504f28af7c2e1f0c209a998b218fe996e69f2801822bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb4a633a4d6eb514adc504f28af7c2e1f0c209a998b218fe996e69f2801822bc
SHA3-384 hash: 9c0f2034c46f82e5d0dfb7ceacbfdc0a89e42cc7319485a49dab2075fd719a0149c30b01f1191cb93e23c537e0d37f9b
SHA1 hash: 26433e6da1c3412a7ea3f9b456edbcbc2ad24fba
MD5 hash: 9b30ea7d816c9599acf22823b89e0f94
humanhash: harry-saturn-hot-jig
File name:SKM_C258201001130020005057.IMG
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'245'184 bytes
First seen:2021-02-10 12:54:09 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:5uSDkZXxGBrFVv3ct3yNTUOQg275hOqH:AcEhGBrFVPcJ6T7Qg275sq
TLSH B845230017719873F7A3067098F16B51D6A9AE1541900B8B3B9C5E68FF6A8D2CE3F6C3
Reporter abuse_ch
Tags:DHL img RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: www1834.sakura.ne.jp
Sending IP: 112.78.112.174
From: DHL Courier Service <pub01@nai10.org>
Subject: Your Parcel Arrived
Attachment: SKM_C258201001130020005057.IMG (contains "SKM_C258201001130020005057.exe")

RemcosRAT C2:
severdops.ddns.net

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Soft32downloader-6691270-0
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb4a633a4d6eb514adc504f28af7c2e1f0c209a998b218fe996e69f2801822bc/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-02-10 12:55:08 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=znfggosnn22rjlofatziv56c4hymecnjtczbr7uznzu7faayek6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cb4a633a4d6eb514adc504f28af7c2e1f0c209a998b218fe996e69f2801822bc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img cb4a633a4d6eb514adc504f28af7c2e1f0c209a998b218fe996e69f2801822bc

(this sample)

RemcosRAT

Executable exe 2f665f13b22691a3e209696fc7135cd24e35ed5ee961f16d1490d98bde98422d

  
Dropping
MD5 d9044752ac74187a4d71fb8c74807ca6
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2f665f13b22691a3e209696fc7135cd24e35ed5ee961f16d1490d98bde98422d

Comments