MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d160d09d0b7fdf0752c103e25c74691f218a250d7bb6a75fcae3dee6e09a1b16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d160d09d0b7fdf0752c103e25c74691f218a250d7bb6a75fcae3dee6e09a1b16
SHA3-384 hash: 8d16b80bd18819f016f7daca0b6ebbe0036aa3159f2916df276c51257dd5840ad5314ec864497f6cbf825bb8695d8d0c
SHA1 hash: 36d27194bda549691a9822c134c42a9799c5e687
MD5 hash: aa1c413928ac12d276a8fb303701f716
humanhash: friend-connecticut-queen-iowa
File name:Cobro Juridico_0565048607_5104702_23918226873513229_945916769_9361784995141114_659091236144.tgz
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:614'644 bytes
First seen:2020-11-19 07:16:32 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:kjOCSzUFISO0RoLsueAJy/QF0dfGLefnRSwz+sqogAj4bwC4+pFmOz:cOCSeI+o4udy/sufGLe/RtCLwC4+jmk
TLSH D2D423DF7EB4BAB39A5B08A2F8AA5D947C9021C64DD988199BF83095FDC144F0B1F4C1
Reporter abuse_ch
Tags:Outlook RAT RemcosRAT tgz


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM12-DM6-obe.outbound.protection.outlook.com
Sending IP: 40.92.22.47
From: Marcela Villalobos Hurtado <marcela_villalobosh@hotmail.com>
Subject: COBRO JURIDICO SERFINANZA.
Attachment: Cobro Juridico_0565048607_5104702_23918226873513229_945916769_9361784995141114_659091236144.tgz (contains "Cobro Juridico_0565048607_5104702_23918226873513229_945916769_9361784995141114_659091236144_pdf.exe")

RemcosRAT C2:
databasepropersonombrecomercialideasearchwords.services:7580 (186.169.53.6)

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d160d09d0b7fdf0752c103e25c74691f218a250d7bb6a75fcae3dee6e09a1b16/
Threat name:
ByteCode-MSIL.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 07:17:04 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2fqnbhilp7pqouwbaprfy5djd4qyujinpo3kox6k4pponye2dmla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar d160d09d0b7fdf0752c103e25c74691f218a250d7bb6a75fcae3dee6e09a1b16

(this sample)

RemcosRAT

Executable exe ea7caecf45fc75ba512efd3cf878800893c2a43ae66fc0a9a452687ba26c1025

  
Dropping
MD5 4dfc3cf849a698f44db1e5599191e517
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ea7caecf45fc75ba512efd3cf878800893c2a43ae66fc0a9a452687ba26c1025

Comments