MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
SHA3-384 hash:	625a2a673cd50fa0c5452ecf56ccc64253c67d12720cf161ece827d69a339b7105f926660689498416516963fdbef8a2
SHA1 hash:	775dc1c5d77b0bbbc5c27aabbafa46ca2e21cc24
MD5 hash:	63e36e7345f80e31c5f390ff0516120c
humanhash:	india-arkansas-kansas-chicken
File name:	QUALITAT.EXE
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	102'400 bytes
First seen:	2020-03-19 06:30:22 UTC
Last seen:	2020-03-19 09:17:22 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	195e4fcc89a9ed471dd5eac3fc63d544 (1 x RemcosRAT)
ssdeep	1536:cdD8EvtvPTiAUNnfbZ0kX2AOGwvVST2vF:OAEvF7R2bV3OGwvVSTSF
Threatray	611 similar samples on MalwareBazaar
TLSH	60A36C83F240D969D8DE863D5C1BCF5012077DAAB991D54B3A85BB0F29F30428E6E61F
Reporter	cocaman
Tags:	exe RemcosRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Vebzenpak-7639767-0

Win.Trojan.Vebzenpak-7640209-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-03-19 01:48:01 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=6f6ursgrphpbshsrt6uqqzels56at6iyao4jrwhe7lnffzbdvdpq._file

Verdict:

malicious

Label(s):

hawkeyekeylogger

emotet

guloader

RemcosRAT

3484fffe14e6d045c8a5c568187f686d4479693dadb3fc4631b7d307000b5148

RemcosRAT

654dcb8cbaca77d6679523c36f44ea656e39a97ce7e4d6f91b089fe8d54f9787

RemcosRAT

6591794758496511c22b638fc57b5d58943670a72568dfa92f29a08c501c73d6

RemcosRAT

90ac03fc8e415f4767b91b37351b75c5fce5e1b3b4f7a4b280cde86592c4cdd2

RemcosRAT

b4d2f2e28311317f4e568f4245c251cb0eb314e391223b2077d183e3d0de5738

RemcosRAT

c689edeb2bea45f5a7e6402ba51dc23e40e6c8b509841f60cb3d7327340b9b60

RemcosRAT

c87a719713c51891fa7b0def4b093441934d9f60ef8bd52951e2efb9a030f59c

RemcosRAT

d74d145a490143aa9b5088044bd31e46042dde2522600d119948e7914f1c4a10

RemcosRAT

fd4d0c198aa010dee3d726fe7d7a526725b51404c1684b7df9d520455e5d16ec

RemcosRAT

+ 601 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

001 c124d47b93d73f9bf5b19516a20019ff3c225625a3e56dfb6a8551ba120eb807

RemcosRAT

exe f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df

(this sample)

Delivery method

Other

Dropped by

SHA256 c124d47b93d73f9bf5b19516a20019ff3c225625a3e56dfb6a8551ba120eb807

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample