MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb259ce7b5b27617fca5b4815aabe5dd79a99311b4f9ea766796ddfb7fc26fc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 2



SHA256 hash: eb259ce7b5b27617fca5b4815aabe5dd79a99311b4f9ea766796ddfb7fc26fc8
SHA3-384 hash: 6ffadfe965943489f391470a986bb72030a99f10a5192bd02744163cd447bb3e3c8fbfa1d579f5b9a008d91fec07d924
SHA1 hash: 34279ce43bd1720ed29200b99c8c025fc3414701
MD5 hash: bfe4b568c57d6d56fc67e267c21af958
humanhash: stairway-orange-march-sodium
File name: SERFINANZA_EXTRACTO_19768978168112539557746123_63962250059032645781378_8754399654516988247292837_820
Signature: RemcosRAT
File size: 589'729 bytes
First seen: 2020-11-20 07:50:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:+0KKMSZcVoM85UOQKQE3peGdfn9DOGjoYO99l7e4Cbka5O/96/GaiGtlGSSB8:IpSZcKM85UOQKQipz8G0Yil7e4Cwek4v
TLSH: ACC423FCB8FC8296AFBF757293BCCA921C4FC4855663955DA8E6106435D0AE0ED70838
Reporter: abuse_ch
Tags: Outlook RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM02-CY1-obe.outbound.protection.outlook.com
Sending IP: 40.92.4.96
From: info. Extracto <tesoreria013procolombia@outlook.es>
Subject: EXTRACTO SERFINANZA.
Attachment: SERFINANZA_EXTRACTO_19768978168112539557746123_63962250059032645781378_8754399654516988247292837_820 (contains "SERFINANZA_EXTRACTO_19768978168112539557746123_63962250059032645781378_8754399654516988247292837_8203103868379045761962_pdf.exe")

RemcosRAT C2:
databasepropersonombrecomercialideasearchwords.services:7580 (186.169.53.6)

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar eb259ce7b5b27617fca5b4815aabe5dd79a99311b4f9ea766796ddfb7fc26fc8 (this sample)

  
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
