MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f80ccdb5c9a3565a5fcfaddb71327a480648c9615687ecbfbc2dc93af1cb1d74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f80ccdb5c9a3565a5fcfaddb71327a480648c9615687ecbfbc2dc93af1cb1d74
SHA3-384 hash: 014917571e42f26606e21e59b4850805c0fe9f38877157a0df1955d72caa0ab660a106344b57618572f2ae26d5858bfe
SHA1 hash: a38cef93c17011a6ac82b981d5a5293cfd8c9598
MD5 hash: 23a8e6efbcd12679f115721e46b9d975
humanhash: vegan-nebraska-indigo-delaware
File name:INVOICE0980089.IMG
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:137'934 bytes
First seen:2021-01-18 08:23:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:JBzpzD86b+8qsL4fwQ8kaePG3/e9EIl66yfBoeD0:DNn86ba83G9dN
TLSH BCD312B37362EE09FFD33A5643957F2A4948999DFB41A0644958F046E34AF52C24B23C
Reporter abuse_ch
Tags:img RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: hosted-by.rootlayer.net
Sending IP: 185.222.58.152
From: shaik@sghcl.com.sa
Subject: Re: Invoice
Attachment: INVOICE0980089.IMG (contains "INVOICE0980089.exe")

RemcosRAT C2:
72.11.157.241:4445

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fn25.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f80ccdb5c9a3565a5fcfaddb71327a480648c9615687ecbfbc2dc93af1cb1d74/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 05:38:13 UTC
AV detection:
19 of 46 (41.30%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7agm3nojunlfux6pvxnxcmt2jaderslbk2d6zp54fxetv4oldv2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f80ccdb5c9a3565a5fcfaddb71327a480648c9615687ecbfbc2dc93af1cb1d74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip f80ccdb5c9a3565a5fcfaddb71327a480648c9615687ecbfbc2dc93af1cb1d74

(this sample)

RemcosRAT

Executable exe 5bbd60cad168f89d677053a118f2b46db43e66dda2815dfc41e972b9d2067d69

  
Dropping
MD5 8f69889d68b8a1a762ec97fe28887191
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5bbd60cad168f89d677053a118f2b46db43e66dda2815dfc41e972b9d2067d69

Comments