MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7bf5358e827fbc7a4b8b7606dad9dd9fb720af735c497ff4c94576de9004589. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 4



SHA256 hash: d7bf5358e827fbc7a4b8b7606dad9dd9fb720af735c497ff4c94576de9004589
SHA3-384 hash: aa3f1b6ca69da6aeaa8ef61be15e900480af88a2f272cacf3a5d7943d252e1bc4356803cb97bbbf24ff1dc82e28eba87
SHA1 hash: cce4aef6b6a3d88cdc914ff18c4c208558537a2d
MD5 hash: 226d097ec47e38f6d908c2872fb3cee5
humanhash: mockingbird-freddie-victor-sink
File name: SKM_454e20070310530.zip
Signature: RemcosRAT
File size: 912'932 bytes
First seen: 2020-07-29 05:31:44 UTC
Last seen: 2020-07-29 05:32:05 UTC
File type: zip
MIME type: application/zip
ssdeep: 24576:CnZorhvDgTAlwAGW4ItDnnTci+k2FUMkrlpmDtU8gtQoL:xh7gclwXW4coi+keUMaHetU8SQoL
TLSH: CE1523E292F67FEFA692432A0415BCFBDCE385F49DFC68601EE6654A1A071CC3604536
Reporter: abuse_ch
Tags: RemcosRAT, ZeuS, zip


abuse_ch
Malspam distributing ZeuS:

HELO: mail.mojoka.tk
Sending IP: 45.147.162.151
From: Panda Kao / selina.chen - 陳靜怡 <admin@mojoka.tk>
Subject: (更新運費)萬達回覆紅蘿蔔運費報價 FM : TAICHUNG, TAIWAN TO: LOS ANGELES, USA (1 x 20') - RESEND [English: "(Updated freight charge) Wanda's reply with the carrot freight quote FM : TAICHUNG, TAIWAN TO: LOS ANGELES, USA (1 x 20') - RESEND"]
Attachment: SKM_454e20070310530.zip (contains "SKM_454e20070310530.scr")

ZeuS (Citadel) C2:
http://libertygiove.com/clips/gate.php

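The reporter's note above lists the indicators a mail gateway or SOC would pivot on: the HELO name and sending IP, the sender domain, a zip attachment that wraps a .scr, the sample hashes, and the ZeuS gate URL. The following script is an added example (not MalwareBazaar's or abuse.ch's code) that turns those indicators into triage checks over raw mail headers, an attachment, and a proxy-log URL. The indicator constants are copied from this entry; the Received/From/Subject headers and the zip archive it runs on are constructed stand-ins (mx.example.net, the recipient address, and the archive contents are made up), so the SHA256 match is expected to miss while the header and archive-structure checks fire.

```python
"""Triage checks built from the IOCs in this MalwareBazaar entry.

Added example; not MalwareBazaar's or abuse.ch's code. The indicator
constants are copied from the entry. The e-mail headers and the zip archive
used as input are constructed stand-ins (the real archive is not embedded),
so the hash match is expected to miss while the header and archive-structure
checks fire.
"""
import hashlib
import io
import re
import zipfile
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators from the entry.
SAMPLE_SHA256 = "d7bf5358e827fbc7a4b8b7606dad9dd9fb720af735c497ff4c94576de9004589"
SENDING_IP = "45.147.162.151"
HELO_NAME = "mail.mojoka.tk"
SENDER_DOMAIN = "mojoka.tk"
C2_HOST = "libertygiove.com"
C2_PATH = "/clips/gate.php"

# Extensions Windows executes on double-click; this lure used .scr inside a zip.
EXEC_EXTS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta")

# "from <helo> (<rdns> [<ip>])" as most MTAs write it in Received: headers.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.I | re.S)


def check_headers(raw_headers: str) -> list:
    """Return the names of the entry's mail indicators that match the headers."""
    msg = message_from_string(raw_headers)
    hits = []
    for received in msg.get_all("Received", []):
        m = RECEIVED_RE.search(received)
        if not m:
            continue
        helo, ip = m.group(1).lower(), m.group(2)
        if helo == HELO_NAME:
            hits.append("helo")
        if ip == SENDING_IP:
            hits.append("sending_ip")
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() == SENDER_DOMAIN:
        hits.append("sender_domain")
    return hits


def check_attachment(filename: str, data: bytes) -> dict:
    """Hash an attachment and, if it is a zip, list members Windows would execute."""
    digest = hashlib.sha256(data).hexdigest()
    result = {
        "filename": filename,
        "sha256": digest,
        "known_sample": digest == SAMPLE_SHA256,
        "is_zip": zipfile.is_zipfile(io.BytesIO(data)),
        "executable_members": [],
    }
    if result["is_zip"]:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # endswith() also catches double extensions such as invoice.pdf.scr
                if not info.is_dir() and info.filename.lower().endswith(EXEC_EXTS):
                    result["executable_members"].append(info.filename)
    return result


def check_url(url: str) -> bool:
    """True if a proxy-log URL is the ZeuS gate reported in the entry."""
    if "://" not in url:
        url = "http://" + url  # proxy logs often omit the scheme
    p = urlparse(url)
    return (p.hostname or "").lower() == C2_HOST and p.path == C2_PATH


# Constructed stand-in for the reported message: mx.example.net and the
# recipient are made up; HELO, IP, sender and subject are from the entry.
CONSTRUCTED_HEADERS = (
    "Received: from mail.mojoka.tk (unknown [45.147.162.151])\n"
    "\tby mx.example.net (Postfix) with ESMTP\n"
    "\tfor <victim@example.net>; Wed, 29 Jul 2020 05:31:44 +0000 (UTC)\n"
    "From: Panda Kao / selina.chen - 陳靜怡 <admin@mojoka.tk>\n"
    "Subject: (更新運費)萬達回覆紅蘿蔔運費報價 FM : TAICHUNG, TAIWAN TO: LOS ANGELES, USA (1 x 20') - RESEND\n"
    "\n"
)


def build_constructed_zip() -> bytes:
    """Harmless archive with the same member name as the real lure (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("SKM_454e20070310530.scr", b"placeholder, not the real payload\n")
    return buf.getvalue()


if __name__ == "__main__":
    print("header hits:", check_headers(CONSTRUCTED_HEADERS))
    print("attachment:", check_attachment("SKM_454e20070310530.zip", build_constructed_zip()))
    print("c2 url match:", check_url("libertygiove.com/clips/gate.php"))
```

The archive check deliberately keys on what the attachment contains rather than on its hash: a repacked zip changes every hash on this page, but a .scr sitting inside a zip that claims to be a scanner document is the part of the lure the sender cannot cheaply vary.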
Intelligence


File Origin
# of uploads: 2
# of downloads: 1'454
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-29 05:33:06 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  RemcosRAT
    zip d7bf5358e827fbc7a4b8b7606dad9dd9fb720af735c497ff4c94576de9004589 (this sample)
      Dropping: ZeuS

Delivery method: Distributed via e-mail attachment

Comments