MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec05736133f139881f78e5ad32179c048ed7b9337d763f47c4b2f1c5a7afbef2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 2



SHA256 hash: ec05736133f139881f78e5ad32179c048ed7b9337d763f47c4b2f1c5a7afbef2
SHA3-384 hash: 716426ceab28bc044b50e2b842f0b0f539a33eadf8cab600ff173cfdf0e1453c6945f18774715d06789b268cbaed6c5a
SHA1 hash: 9528cfc4c58e49a2529db6eee6b96ec670c1785c
MD5 hash: 7c7105be9cfbfbed69c225a177372914
humanhash: mexico-montana-nuts-apart
File name: DOCUMENTO WAYBILL.iso
Signature: RemcosRAT
File size: 968'704 bytes
First seen: 2020-11-09 19:35:55 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:Rd+CC6w6Uka7Xj82DJIUb+hMH6FpfMHga:R8vbBp4fag
TLSH: 5A25344810AA238AD07337BD5B74388183B5EA5772F8C9E7029CBBB1EE9DC355771A05
Reporter: abuse_ch
Tags: DHL iso RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: onion.viviotech.net
Sending IP: 162.217.171.146
From: DHL Express <Delivery@dhl.com>
Subject: DHL Envío, factura aduanera 3709392691
Attachment: DOCUMENTO WAYBILL.iso (contains "DOCUMENTO WAYBILL.exe")

RemcosRAT C2:
uzbektourism8739.ddns.net:6735 (23.105.131.133)

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso ec05736133f139881f78e5ad32179c048ed7b9337d763f47c4b2f1c5a7afbef2 (this sample)

Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
