MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd7bdcbe3f76fdbea79b981e89eb453ac70e6359cfe499616142899a99a0fd0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd7bdcbe3f76fdbea79b981e89eb453ac70e6359cfe499616142899a99a0fd0c
SHA3-384 hash: e0f09bf70c9d705866c377a042a59f9e8f2e8f73864e255d8a9e5b94bfcdbcfdf64c91ccdf5e4f18fe281ff146c494ba
SHA1 hash: 44398190b19227dd8458d501dc711b5ee3bfb3ff
MD5 hash: 2d8f27079cfeda3858940f7d073dbe7e
humanhash: thirteen-oregon-cardinal-wisconsin
File name:PO_NewCustomerOrder.z
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:280'549 bytes
First seen:2020-11-19 07:25:37 UTC
Last seen:2020-11-27 10:04:40 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:3gxc1uyEpgKp4GE4sI5YQAIHoBpQM4Ioq4xEDrNN0Yjpbcf8Y:k9pgyLEWH6dloJE3Xdbcf8Y
TLSH 6D5423DA92B12E48BAE8EB742719D71C229C4ACB1FD51F22E139577533C475F10A0A27
Reporter GovCERT_CH
Tags:RemcosRAT

Intelligence

File Origin
# of uploads :
28
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs1480.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cd7bdcbe3f76fdbea79b981e89eb453ac70e6359cfe499616142899a99a0fd0c/
Threat name:
Win32.Backdoor.Crysan
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 02:24:38 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zv55zpr7o3635j43tapit22fhldq4y2zz7sjsylbikezvgna7uga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip cd7bdcbe3f76fdbea79b981e89eb453ac70e6359cfe499616142899a99a0fd0c

(this sample)

RemcosRAT

Executable exe 69c0dfdb136e864341810ac7ac86ce413c9de466d775651e5bf6eeeeebb0e7c2

  
Dropped by
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 69c0dfdb136e864341810ac7ac86ce413c9de466d775651e5bf6eeeeebb0e7c2
  
Dropping
MD5 5648550de2669b6c6bb5a1f1ffbb166e

Comments