ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain mail.mastercoa.co.

Database Entry


IOC ID: 841330
IOC: mail.mastercoa.co
IOC Type: domain
Threat Type: botnet_cc
Malware: Remcos
Malware alias: RemcosRAT, Remvio, Socmer
Confidence Level: Confidence level is high (100%)
First seen: 2022-08-04 00:04:37 UTC
Last seen: never
UUID: 077e1e61-1389-11ed-81fa-42010aa4000a
Reporter: @AndreGironda
Reward: 5 credits from ThreatFox
Tags: remcos
Reference: https://tria.ge/220803-3sjkwshfhp

Twitter
@AndreGironda
MITRE T1566.001
Date: Wed, 03 Aug 2022 15:00-15:30 -0700
Received: from cld9-0121-3337.cpanel.ge (185.229.108.75)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_38c5953db9c58a5cc5a8e7e713c45072"
From: Salome Bardavelidze <info@decouprint.gr>
To: undisclosed-recipients:;
Subject: Re: : Re: New orders August 2022
Message-ID: <53b9b4cfef917b3761692b1d31188a66@decouprint.gr>
X-Sender: info@decouprint.gr
User-Agent: Roundcube Webmail/1.3.7
Return-Path: info@decouprint.gr
Attachment Name: FA0000017284..doc
Maldoc SHA256: 3562284d7be5e950a325d4cd3901a1f0dca1b2dbbcb96f49e8be81e65ec010b6
Stage 1 URL: hXXp://84[.]38.129.115/ships/https.doc
Stage RTF SHA256: 3831a6f6d4143aa3d70563d5938fffb79ef462d28aeb4300797d9e8db3611562
Stage 2 URL: hXXp://84[.]38.129.115/99/vbc.exe
Stage Executable SHA256: 77ed7f099d383a993b3ee6383ec343a3eda6b117f53febd01a1dc10c63cfea09
Remcos Unpacked Executable SHA256: 351098eeec4d40b498d2b23c37574de4c772605c48f1eeaf77c0f87c871f87bd