MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0e4a4ba6e31af35d6f525acdff1bcb9178c113d2845d44e2ea0f4266898e81e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	d0e4a4ba6e31af35d6f525acdff1bcb9178c113d2845d44e2ea0f4266898e81e
SHA3-384 hash:	fbd1ae77a3dfe5a56f6ee2ce96b34641e7573e9e0f4378466e30104451382f4acb1b9dfbb22a2b28ca26c2b72e369e29
SHA1 hash:	f7b9bf4d2142100221c14f59ed2f03e1fce1e4a2
MD5 hash:	659b038cd55298ed1a9d01b2cc3d1a87
humanhash:	violet-maine-equal-harry
File name:	Confirmación de datos bancarios,rar.rar
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	159'414 bytes
First seen:	2020-10-23 17:38:42 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	3072:V0w+aFF6CCSpUvz0MWdrYqj4FUsK3nkDOAei72ONWXTqC35EZFvC:+w+eFmDSYqjqltCAei7ZNKTH5yFK
TLSH	5EF312573B0636563208CD8AB7E41E6E27B08AE058E14FCD058C9529578EEDBCD79BE0
Reporter	abuse_ch
Tags:	ESP geo rar RAT RemcosRAT

abuse_ch

Malspam distributing RemcosRAT:

From: Hierrosur <ventas@hierrosur.com.uy>
Subject: Detalles del banco
Attachment: Confirmación de datos bancarios,rar.rar (contains "Confirmación de datos bancarios,rar.exe")