MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd63f226472363f922bbdd9d21c1821c0b97a12b9b369e53d482d0c412df63af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 4



SHA256 hash: cd63f226472363f922bbdd9d21c1821c0b97a12b9b369e53d482d0c412df63af
SHA3-384 hash: 213c9f97327330947b5ffe2dbd97d7fb0fb21aa25c26a9a52cdcd6ce9346dfbb5441f5df357e42f5912fed8a2022da32
SHA1 hash: 3ee8c798c46b9d5371d79f6ab8e8e197f7a609ad
MD5 hash: 833afa81bb417fd53807d5bc23a743b6
humanhash: mars-oregon-lamp-fifteen
File name: Valid Prices.z
Signature: RemcosRAT
File size: 108'994 bytes
First seen: 2021-03-09 10:50:12 UTC
Last seen: 2021-03-09 11:42:47 UTC
File type: zip
MIME type: application/zip
ssdeep: 1536:ocEQOR5bRoYZofU7FlDtYL1I2uSg6ntoXMjY6Lnd/V2EFX1EkHL7:ohRR5bRFRlxYfuBXMLnpV2KFf/
TLSH: AFB3121CC4B4F487D6A473BAD665010992BE51DE311BF2BC2904F5C226E63F44B9FA2E
Reporter: abuse_ch
Tags: RAT, RemcosRAT, z


abuse_ch
Malspam distributing RemcosRAT:

HELO: lucky1.263xmail.com
Sending IP: 211.157.147.133
From: 张贵强 <sale20@chinachuangxin.net>
Subject: Valid Prices
Attachment: Valid Prices.z (contains "Purchase Order.bat")

RemcosRAT C2:
feromo.duckdns.org:8087
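The entry above gives two things a mail-gateway or IR analyst can act on offline: the four cryptographic hashes of the attachment, and the shape of the lure (a file named with a .z extension that is really a zip, as the MIME type shows, carrying a "Purchase Order.bat" inside). The Python below is an added example, not code from MalwareBazaar or from the reporter: it computes the same hash types the entry lists, matches them against the published values, opens the attachment as a zip regardless of its extension, and flags executable members. The list of "executable" extensions and the "archive look-alike" extensions are assumptions for the example; ssdeep and TLSH are omitted because the standard library has no implementation of either. The attachment it runs on is a constructed stand-in built in memory, not the real sample, so the hash match is expected to be negative while the container and member checks fire.

```python
import hashlib
import io
import zipfile

# Hashes published on this MalwareBazaar entry for Valid Prices.z.
SAMPLE_HASHES = {
    "md5": "833afa81bb417fd53807d5bc23a743b6",
    "sha1": "3ee8c798c46b9d5371d79f6ab8e8e197f7a609ad",
    "sha256": "cd63f226472363f922bbdd9d21c1821c0b97a12b9b369e53d482d0c412df63af",
    "sha3_384": "213c9f97327330947b5ffe2dbd97d7fb0fb21aa25c26a9a52cdcd6ce9346dfbb"
                "5441f5df357e42f5912fed8a2022da32",
}
KNOWN_BAD = set(SAMPLE_HASHES.values())

# Assumed lists for this example: member extensions that are directly runnable on
# Windows, and attachment extensions that suggest a generic compressed file but
# are often used to hide an ordinary zip (the lure above uses .z for a zip).
EXECUTABLE_EXTENSIONS = (".bat", ".cmd", ".exe", ".scr", ".js", ".jse", ".vbs", ".ps1", ".lnk")
ARCHIVE_LOOKALIKES = (".z", ".r00", ".001")


def hash_bytes(data: bytes) -> dict:
    """Compute the four cryptographic hashes MalwareBazaar lists per sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True if any hash of data equals a hash published for this sample."""
    return any(h in KNOWN_BAD for h in hash_bytes(data).values())


def archive_members(data: bytes) -> list:
    """Member names if data is a zip archive (checked by content, not by extension)."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return []
    with zipfile.ZipFile(buf) as zf:
        return zf.namelist()


def executable_members(names: list) -> list:
    """Members whose extension marks them as directly runnable."""
    return [n for n in names if n.lower().endswith(EXECUTABLE_EXTENSIONS)]


def triage_attachment(filename: str, data: bytes) -> dict:
    """Offline triage of one attachment: hash match, container check, member check."""
    names = archive_members(data)
    zip_under_other_extension = filename.lower().endswith(ARCHIVE_LOOKALIKES) and bool(names)
    bad_members = executable_members(names)
    known = matches_known_sample(data)
    if known:
        verdict = "known-malicious"
    elif bad_members:
        verdict = "suspicious"
    else:
        verdict = "no-finding"
    return {
        "known_sample": known,
        "zip_under_other_extension": zip_under_other_extension,
        "executable_members": bad_members,
        "verdict": verdict,
    }


def build_constructed_lure() -> bytes:
    """Constructed stand-in for the attachment: a zip holding a harmless .bat.
    This is NOT the sample from the entry; its hashes will not match."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Purchase Order.bat", "@echo off\r\necho constructed placeholder\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_constructed_lure()
    print(triage_attachment("Valid Prices.z", lure))
```

Hash comparison is exact-match only, so a repacked archive will miss; the container and member checks are what catch the next campaign that reuses the same lure with a fresh payload.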

Intelligence


File Origin
# of uploads: 2
# of downloads: 296
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2021-03-09 10:51:05 UTC
AV detection: 13 of 47 (27.66%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RemcosRAT
zip cd63f226472363f922bbdd9d21c1821c0b97a12b9b369e53d482d0c412df63af (this sample)
Dropping: RemcosRAT

Delivery method: Distributed via e-mail attachment
