MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb4282c0ec92b176b50050689711315ccdfa9c928d554f4d27994a4a10d03233. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb4282c0ec92b176b50050689711315ccdfa9c928d554f4d27994a4a10d03233
SHA3-384 hash: 6559d9404424e105ac946fb0742fe06d6adb03bbba247cea4de3081ef91b5890645350538a14a9ad938455e4dd8cac67
SHA1 hash: 4b9e8187b90550ea2c766171ec6d04420420aaf9
MD5 hash: 4e31156c0e771d3730a95d7f0e6c49c1
humanhash: gee-iowa-twenty-magazine
File name:ORDEN_FH87565635456.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:987'136 bytes
First seen:2021-02-12 19:01:17 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:jTDsbND5zANBIdBM3npcpRCoDaMycZ+PCv8:jToHmBIupcpRtDoc/v8
TLSH AE25A4F2AC0E8E60F05B153CE84AFA7818767CF539194166AFD47B0ADAB7318791047B
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: server.doole.io
Sending IP: 188.40.83.134
From: Giberto <info@industrialmexicana.com>
Subject: PEDIDO DE COMPRA FH87565635456
Attachment: ORDEN_FH87565635456.iso (contains "ORDEN_FH87565635456.exe")

RemcosRAT C2:
marstonstyl247.ddns.net

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
SUSPICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eb4282c0ec92b176b50050689711315ccdfa9c928d554f4d27994a4a10d03233/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2021-02-13 00:39:59 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5nbifqhmskyxnniakbujoejrltg7vhesrvku6tjhtffeuegqgizq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/eb4282c0ec92b176b50050689711315ccdfa9c928d554f4d27994a4a10d03233

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso eb4282c0ec92b176b50050689711315ccdfa9c928d554f4d27994a4a10d03233

(this sample)

RemcosRAT

Executable exe 2a344d464465069aa8739a45ecba1b6de4ef4ba4cc2b8128af5a54112c507058

  
Dropping
MD5 94de7df5c9be036f9a12f8dcb48d0b88
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2a344d464465069aa8739a45ecba1b6de4ef4ba4cc2b8128af5a54112c507058

Comments