MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6ade854be4a89dea0ee2095421750888357980b7afaa3fb484e617b64228f50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f6ade854be4a89dea0ee2095421750888357980b7afaa3fb484e617b64228f50
SHA3-384 hash: 57827e78eb16dc360e8343dbd78c81a91e8a73ea4ea890551e11132c8fcc081010905abb4f2004b136d09540129176ef
SHA1 hash: 1a7bbfadd8b94a936a13b4a83a56bbe6d1af8ce2
MD5 hash: ad7777d6ec68f3e910748ec2aebfd63f
humanhash: fillet-lamp-november-maryland
File name:OC CVE6535 _TVOP-MIO 21C 2020,pdf.iso
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:567'296 bytes
First seen:2020-10-22 06:24:45 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 3072:fuuA+RNhXYTL6t8fj1zTAx/kWhFp3XWEX6JXhluKGvb/Yu:fc+tYKts
TLSH 95C4933CADD52237E6B6D6B6C9F509DBFA11785331566C0E50DB23820A23B977EC201E
Reporter abuse_ch
Tags:iso RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: naboo.endor.pl
Sending IP: 91.194.229.149
From: Nelly Juarez Reyes <njuarez@plasticoskasse.com.ar>
Subject: RE: CONFIRMACIÓN DE PEDIDO CVE6535
Attachment: OC CVE6535 _TVOP-MIO 21C 2020,pdf.iso (contains "OC CVE6535 _TVOP-MIO 21(C) 2020,pdf.exe")

RemcosRAT C2:
insidelife1.ddns.net

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f6ade854be4a89dea0ee2095421750888357980b7afaa3fb484e617b64228f50/
Threat name:
ByteCode-MSIL.Spyware.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 14:37:00 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=62w6qvf6jke55ihoeckuef2qrcbvpgalpl5kh62ijzqxwzbcr5ia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

iso f6ade854be4a89dea0ee2095421750888357980b7afaa3fb484e617b64228f50

(this sample)

RemcosRAT

Executable exe 878643568188dd7d9aace8ab1eeb2d239b40813156ead079638f17ddc7d2fd83

  
Dropping
MD5 d0aa4ce86b20ebd6f24d7b0727caa8d9
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 878643568188dd7d9aace8ab1eeb2d239b40813156ead079638f17ddc7d2fd83

Comments