MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d240c3b838039dc74c47e4ad38f4dd88b8423c065d9d0fb31c713a2d1dda291d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT
Vendor detections: 3

SHA256 hash: d240c3b838039dc74c47e4ad38f4dd88b8423c065d9d0fb31c713a2d1dda291d
SHA3-384 hash: ae2485c8e8cbddb0426df4834dd5dc7f593267b110cca3b6281131ee0e311c1383eb3582909b7066125b3786f74eb915
SHA1 hash: d40c209501d22d7ae09abe5b4fcf82a5a2a4d0bd
MD5 hash: fa2a48c955700316edc7d9f9e09a1207
humanhash: mexico-tennessee-romeo-michigan
File name: 56161_PO_13.8.rar
Signature: RemcosRAT
File size: 416'487 bytes
First seen: 2020-08-13 11:00:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:eC2xaSwYvlDksx9FN7fK9vjNFuQTv5Al+LYNgXJJb:tVSwYvlYsx9LK97zuQTv6l78JR
TLSH: CE9423D8DC5512DC3CD0B61530F8B6722462E14B2ED23B48682A30E76BBEF993691997
Reporter: abuse_ch
Tags: rar RAT RemcosRAT

abuse_ch
Malspam distributing RemcosRAT:

HELO: poydorus.t.mk
Sending IP: 195.26.152.36
From: Seneda Antovic <tanja@bargala.com.mk>
Subject: 2400 RFQ/19/003 - for our office
Attachment: 56161_PO_13.8.rar (contains "#56161_PO_13.8.exe")

RemcosRAT C2:
marketingsiamgrains.zapto.org:7762 (115.134.100.130)

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-08-13 11:02:17 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: RemcosRAT
  rar d240c3b838039dc74c47e4ad38f4dd88b8423c065d9d0fb31c713a2d1dda291d (this sample)
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment