MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0d38f54ca354ceca47f03cf344598c221dc6637185c98462f50ff36127bcd7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f0d38f54ca354ceca47f03cf344598c221dc6637185c98462f50ff36127bcd7b
SHA3-384 hash: 78787fc39a0566a9c7b99f5a8865eedf52d4be78ed14a51a8b44aeff300ea5b1a720a5e8d666b3bc950cf7b25c51c5c6
SHA1 hash: e6cb5aac2ca0ed91fc19369a1c291d6470428c80
MD5 hash: 8014a7947f10a4c42d016552899da85b
humanhash: oregon-eighteen-early-jersey
File name:Order inqiury_8465.img
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'572'864 bytes
First seen:2020-10-21 10:02:42 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:ufZUrIlSllyg6ti56ndwl3t7lx92AyoMARYqgXUsLq891vNHBXqw76PZDKjYkYsK:DIlSYq891vNHBXqw76P8YkjBIbTXha
TLSH 78757A0F3696F835E7CD7BB88E82E4681339A53306604A5E70D706FCC76149739968FA
Reporter abuse_ch
Tags:img RemcosRAT


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: alias7.gemini.surf
Sending IP: 185.192.245.231
From: Caecilia Egger <admin@gemini.surf>
Subject: ORDER INQUIRY
Attachment: Order inqiury_8465.img (contains "Order inqiury_8465.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f0d38f54ca354ceca47f03cf344598c221dc6637185c98462f50ff36127bcd7b/
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 21:50:41 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6djy6vgkgvgozjd7aphtirmyyiq5yzrxdbojqrrpkd7tmet3zv5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img f0d38f54ca354ceca47f03cf344598c221dc6637185c98462f50ff36127bcd7b

(this sample)

RemcosRAT

Executable exe ca60958a09d1cd5817504857d90b846a9ce6f6ee1bed7686318b3741108b709c

  
Dropping
MD5 c6a290e21d11dcb1608028cbad118efb
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ca60958a09d1cd5817504857d90b846a9ce6f6ee1bed7686318b3741108b709c

Comments