MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4f100620658cb5c57f7de2870a2615276e0648d2396b99c2a37ac1bb51f565d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: f4f100620658cb5c57f7de2870a2615276e0648d2396b99c2a37ac1bb51f565d
SHA3-384 hash: e7a5d6719356b4e79dd4ff8f7359ccd6ebd4a969759bc485dcd327b0ceac4fe00fdfb0631ad3cba2f03b402c48a1eaec
SHA1 hash: ced343a3177e724eabf7a81c8bae8f46e67ef107
MD5 hash: 4f0ad06ed970a81cb6fadceef1186727
humanhash: pennsylvania-quiet-violet-asparagus
File name: PO2102-0010.rar
Signature: RemcosRAT
File size: 756'314 bytes
First seen: 2021-02-24 06:40:03 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 12288:20+2G7tCev66+v+OUTgb7O/OyuONcRgHmD9uDlda6fVq3KxcQzTufCUJUcTW93wj:20+zk/6+WOUTFWON4A3ldq3KxcSTd8UU
TLSH 0AF4230ED970DC703F64E299F9253929E6E680989CF16F6CC62A68C3CB7DF64057198C
Reporter: abuse_ch
Tags: rar RAT RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: ded3564.inmotionhosting.com
Sending IP: 104.247.75.17
From: "Abdul Rahman"<support@a-zit.com>
Subject: PO2102-0010
Attachment: PO2102-0010.rar (contains "PO2102-0010.exe")

RemcosRAT C2:
severdops.ddns.net

Intelligence


File Origin
# of uploads: 1
# of downloads: 112
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Taskun
Status: Malicious
First seen: 2021-02-24 06:40:20 UTC
AV detection: 9 of 47 (19.15%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar f4f100620658cb5c57f7de2870a2615276e0648d2396b99c2a37ac1bb51f565d

(this sample)

  
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
