MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa7103d6e38400e2e90627b2a2dfe1e5d7e5488f270669eec9923ae3a0fab522. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa7103d6e38400e2e90627b2a2dfe1e5d7e5488f270669eec9923ae3a0fab522
SHA3-384 hash: bb3e5fca3815262bc30a290c3930931e2b06fb021642ac73b48cd0e633da10b526cb45098ef2a2edcbeed2ec24adc9f0
SHA1 hash: c2054af1183d5def3587ad475837f41e18066b3d
MD5 hash: 1b31a08d2d92196ce30f52bd1d192016
humanhash: tennessee-alaska-georgia-freddie
File name:Serfinanza_Adjunto_2629653511053881772570606389_0341837033667832816718_20890740873481754212180400_86
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:607'466 bytes
First seen:2020-12-17 08:32:50 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:LflWZ+5E6+6xCbo08y5QwlXeZqMa48nr2ZGnx/SwRszHVYaX8g592OwR:De8QbSy5rkpatAsxqIEYQ992PR
TLSH B0D4233989663DC377F5E00BC85D5E3826D8B61312E382A760EB565112E3839BCE4FE5
Reporter abuse_ch
Tags:ESP geo Outlook RAT RemcosRAT


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: NAM02-SN1-obe.outbound.protection.outlook.com
Sending IP: 40.92.5.53
From: info. Extracto <tesoreria14procolombia@outlook.es>
Subject: FACTURA EN MORA, REPORTE NEGATIVO EN DATACREDITO
Attachment: Serfinanza_Adjunto_2629653511053881772570606389_0341837033667832816718_20890740873481754212180400_86 (contains "Serfinanza_Adjunto_2629653511053881772570606389_0341837033667832816718_20890740873481754212180400_8679619701671447840714_pdf.exe")

RemcosRAT:
databasepropersonombrecomercialideasearchwords.services:7580 (186.169.37.63)

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fa7103d6e38400e2e90627b2a2dfe1e5d7e5488f270669eec9923ae3a0fab522/
Threat name:
ByteCode-MSIL.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-12-17 08:33:07 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7jyqhvxdqqaof2ige6zkfx7b4xl6ksepe4dgt3wjsi5ohih2wura._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fa7103d6e38400e2e90627b2a2dfe1e5d7e5488f270669eec9923ae3a0fab522

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

rar fa7103d6e38400e2e90627b2a2dfe1e5d7e5488f270669eec9923ae3a0fab522

(this sample)

RemcosRAT

Executable exe d8d57620d6da63dbdfc7210c6ae721940e95e62f0473053e09770a2763c07ecf

  
Dropping
MD5 e81d4c114b6ae13713428df5881475ba
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d8d57620d6da63dbdfc7210c6ae721940e95e62f0473053e09770a2763c07ecf

Comments