MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d74d145a490143aa9b5088044bd31e46042dde2522600d119948e7914f1c4a10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d74d145a490143aa9b5088044bd31e46042dde2522600d119948e7914f1c4a10
SHA1 hash: bf8263ab1b668f06a37eb84417775426263933c8
MD5 hash: 987e45a2ad1a7c6b11697c56c1c1eca1
File name: PO87155-05232020.scr
Signature: RemcosRAT
File size: 316'928 bytes
First seen: 2020-05-23 11:57:58 UTC
Last seen: 2020-05-23 13:13:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:ePF3GLJImiaJE64FWsF6/CoRwUj4hyDyC0kZKV6DVht1z:ePF3GLMtmKTyIymksof
TLSH: 4E648C2D439CAA9BD6BD77BAD4D54108E2FA8DAF7119E38ADC4234E51B3B343E402147
Reporter: @abuse_ch
Tags: RAT RemcosRAT scr


Twitter
@abuse_ch
Malspam distributing RemcosRAT:

HELO: server.rentabilizandonegocios.com
Sending IP: 185.50.199.142
From: Aadrik Banerjee <info@satco.sa>
Subject: #PO87155-05232020
Attachment: PO87155-05232020.IMG (contains "PO87155-05232020.scr")

RemcosRAT C2:
206.123.129.103:4565

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 30
Origin country: US
ClamAV: SecuriteInfo.com.MSIL.Kryptik.UCB.9685.UNOFFICIAL
VirusTotal: Virustotal results 20.55%

Yara Signatures


Rule name: ach_RemcosRAT
Author: abuse.ch

Rule name: win_remcos_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

Executable exe d74d145a490143aa9b5088044bd31e46042dde2522600d119948e7914f1c4a10 (this sample)

Delivery method: Distributed via e-mail attachment
