MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 575c275cfe07d8be90d21a93cc1f651ceaa60b230e771c8c853d8370a221fe77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 4



SHA256 hash: 575c275cfe07d8be90d21a93cc1f651ceaa60b230e771c8c853d8370a221fe77
SHA3-384 hash: ca8ddfa6e89688c82a8df1c29b6280a4c2fddafbea4fe8910a5ea94658eed6b77a7696b7c5090cb84d04a13a1724a60f
SHA1 hash: cdc5182b1498586efb8f6b72a0a19f01551aa23b
MD5 hash: ed30d2c1156ee0a3193860d249c0184c
humanhash: violet-idaho-mississippi-failed
File name: readme.exe
Signature RemcosRAT
File size: 621'568 bytes
First seen: 2020-06-24 07:11:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 37ec15e12a6a58142524cbf63ac13fd6 (6 x RemcosRAT, 2 x FormBook, 1 x NetWire)
ssdeep 12288:BARldIm597ql0ynjNHEJRXZdL38YN2rg7qWWWy/z:CXHql9njNHE5Z3PN2Yy/z
Threatray 931 similar samples on MalwareBazaar
TLSH 24D4AF33F2C08876C57E29B9AD0F45E5951ABE757E18688A3BCC1E4C4FBD2913C29193
Reporter jarumlus
Tags: RemcosRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-23 17:04:15 UTC
AV detection: 38 of 48 (79.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: evasion spyware trojan

Behaviour
Suspicious use of WriteProcessMemory
Modifies system certificate store

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

2d9f9f532bc82bf342059a465ac987a3c0ace3743c5b0daafa3b4724b275a659

RemcosRAT

Executable exe 575c275cfe07d8be90d21a93cc1f651ceaa60b230e771c8c853d8370a221fe77

(this sample)

  
Dropped by: MD5 9e6aad6cb1f69e12b717ad6e518945d9
Dropped by: SHA256 2d9f9f532bc82bf342059a465ac987a3c0ace3743c5b0daafa3b4724b275a659
Delivery method: Distributed via e-mail attachment

Comments