MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce1442851fe3168068cba2e2c6a2d018ecdf1c9651250276d4509d38f1fb860c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 4



SHA256 hash: ce1442851fe3168068cba2e2c6a2d018ecdf1c9651250276d4509d38f1fb860c
SHA3-384 hash: 346ea717267f90ad6ceb6c5d17440ba2e67abdb190c5e047aa492c50992317332f8462f1bd821efa089f87494b4218dd
SHA1 hash: 711bfbd85a5f613333d2d5fd5897b1611e10a09b
MD5 hash: 2fd10f6dfbedd0f0c849d86032776a15
humanhash: lemon-freddie-river-october
File name: UPS Detail.img
Signature: RemcosRAT
File size: 1'245'184 bytes
First seen: 2020-10-31 06:46:14 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:UwJwMtEx7nlkM+7Mc5YL/ZQ/6vMQ3Bdao38m31NEpi:NaMq7nFcH+ZQ/DQRd93TPEpi
TLSH: F2457D1223885F59F47EA73DA4285904F3F6E417E731DD9EFC9A40CD0A61F88C7A261A
Reporter: cocaman
Tags: img RemcosRAT UPS


cocaman
Malicious email (T1566.001)
From: ""UPS Customer Service" <pkinfo@ups.com>"
Received: "from grace5 (unknown [52.151.19.25]) "
Date: "Fri, 30 Oct 2020 19:44:05 +0000"
Subject: "UPS - Package Arrival Notification"
Attachment: "UPS Detail.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 155
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Stelega
Status: Malicious
First seen: 2020-10-30 19:59:13 UTC
File Type: Binary (Archive)
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail attachment
Dropping: RemcosRAT
