MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc43b768d643a516163d1bb3cdd32aa91599d0357b391fedf628bd5375e06818. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc43b768d643a516163d1bb3cdd32aa91599d0357b391fedf628bd5375e06818
SHA3-384 hash: 8e796fde7f5a6fadde0484d91121f529b37cb667fdab103dfc5c607e20c5f3bb8637933d7d0f8e63c9d9e5a3253fc3e1
SHA1 hash: 266e9b61487979d0a445802edf5ab3ce29e383cc
MD5 hash: c295566d073affea84f1e58b284d29d0
humanhash: iowa-california-tango-stream
File name:DHL DECLARACIÓN DE CUENTAS -1301383112,pdf.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'044'480 bytes
First seen:2020-10-09 06:31:46 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:1567B7vSUp06gjeGvzDya9yZwxnU4KKCeaJ3BPVlub3Qste1HpR8hJOactj+z0S0:TmB7vSbjv/ymISUSCJxPTGgO
TLSH D6254DC8F24079EED417CA728D745C20A6517C7A8337D20BA01B31AD9A7F587EE61CA7
Reporter abuse_ch
Tags:DHL iso RemcosRAT


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: cloudhost-1457425.us-midwest-1.nxcli.net
Sending IP: 8.29.157.202
From: InvoiceQuery@dhl.com
Subject: DHL DECLARACIÓN DE CUENTAS -1301383112
Attachment: DHL DECLARACIÓN DE CUENTAS -1301383112,pdf.iso (contains "DHL DECLARACIÓN DE CUENTAS -1301383112,pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc43b768d643a516163d1bb3cdd32aa91599d0357b391fedf628bd5375e06818/
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 15:38:58 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3rb3o2gwiosrmfr5doz43uzkvekztubvpm4r73pwfc6vg5panama._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/dc43b768d643a516163d1bb3cdd32aa91599d0357b391fedf628bd5375e06818

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso dc43b768d643a516163d1bb3cdd32aa91599d0357b391fedf628bd5375e06818

(this sample)

RemcosRAT

Executable exe d18e31c42d64a21777bb04a3b0015d415050a6303ae3d864f129ecb50f0f87bb

  
Dropping
MD5 bdf307f12dba8b896156b15c91e97e2d
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d18e31c42d64a21777bb04a3b0015d415050a6303ae3d864f129ecb50f0f87bb

Comments