MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea60ca9fd9208d1942590cebaf2e99b4b44b77299ea29fd3e5904113bc6260da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: ea60ca9fd9208d1942590cebaf2e99b4b44b77299ea29fd3e5904113bc6260da
SHA3-384 hash: 493bc794c2366f47e2c91786e81b4c0dcfa148a61f91c446d337676ff2d9e4858f93c1c521a20027f5c314bfc888a5ad
SHA1 hash: 50b24e32037a7b051f96464174d477962715c66e
MD5 hash: e93d8f846e3cbb931b14edb842467cf2
humanhash: potato-friend-speaker-fifteen
File name: Shipment Receipt.lz
Signature: RemcosRAT
File size: 233'369 bytes
First seen: 2021-01-14 06:54:00 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Z+vRM1ju+0EHZyROpkV6diWINRw2agnwyVv+:8wj/0owRuKjzbB2
TLSH: BB3422D1A2E079C155CF632C2C07A4504AADF4A5E2CEFFBDE0833691A9A4B1D1583E5F
Reporter: abuse_ch
Tags: DHL lz


abuse_ch
Malspam distributing unidentified malware:

HELO: myown.theworkpc.com
Sending IP: 185.136.170.229
From: DHL EXPRESS <delivery@dhlexpress.top>
Subject: Shipment Arrival Notification
Attachment: Shipment Receipt.lz (contains "Shipment Receipt.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Graftor
Status: Malicious
First seen: 2021-01-14 06:54:10 UTC
AV detection: 13 of 46 (28.26%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar ea60ca9fd9208d1942590cebaf2e99b4b44b77299ea29fd3e5904113bc6260da (this sample)

Delivery method: Distributed via e-mail attachment
