MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 002205bb150a86c419fed04d3cd85dfd67d04ff570555b0ba42d8fc171fb92fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemusStealer

Vendor detections: 13

SHA256 hash: 002205bb150a86c419fed04d3cd85dfd67d04ff570555b0ba42d8fc171fb92fa
SHA3-384 hash: 5b57a51c2a88f3220e6b2963a35c55f234c2310a687bf21a654b1b0b85eb5a96a18b64eb09975c24d902372092ebf6a3
SHA1 hash: eff8d3a2e10715ccb64046d0f20c3400767d1917
MD5 hash: 71ff12fbab703fad1b3ee3795161e6ee
humanhash: september-emma-leopard-charlie
File name: 002205bb150a86c419fed04d3cd85dfd67d04ff570555b0ba42d8fc171fb92fa
Signature: RemusStealer
File size: 229'376 bytes
First seen: 2026-06-05 06:48:25 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c81db0a320cdad5ab41c9a291ea9b6e9 (13 x RemusStealer, 11 x Smoke Loader)
ssdeep: 3072:BtDPL086KvAq6wHgG08mEthZs6siURap67kJ:rz08pYq5tlthZseooJ
TLSH: T1C924296BC35330FCD553C078926A6232BB72BA3D47319EE70292D7319D21EC0AE79665
TrID:
  51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
  16.1% (.EXE) OS/2 Executable (generic) (2029/13)
  15.9% (.EXE) Generic Win/DOS Executable (2002/3)
  15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika: pebin
Reporter: JAMESWT_WT
Tags: Click-Hijacking-TDS exe RemusStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 126
Origin country: IT
Vendor Threat Intelligence

One block per vendor result, in page order (the vendor names heading each box were not preserved; the ANY.RUN block is identified by its own note).

Vendor result
No detections

ANY.RUN
Malware family: n/a
ID: 1
File name: exe
Verdict: Malicious activity
Analysis date: 2026-06-05 07:11:42 UTC
Tags: stealer remus
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Vendor result
Verdict: Malware
Maliciousness: (empty)
Behaviour:
  Creating synchronization primitives
  Using Windows Management Instrumentation requests
  Connection attempt to an infection source
  Query of malicious DNS domain

Vendor result
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context packed

Vendor result
Verdict: Malicious
File Type: exe x64
First seen: 2026-04-10T01:40:00Z UTC
Last seen: 2026-05-27T23:41:00Z UTC
Hits: ~100

Vendor result
Threat name: Win64.Trojan.Lazy
Status: Malicious
First seen: 2026-04-04 07:56:45 UTC
File Type: PE+ (Exe)
AV detection: 27 of 36 (75.00%)
Threat level: 5/5

Vendor result
Verdict: malicious
Label(s): (empty)
Similar samples: (empty)

Vendor result
Malware family: remus_stealer
Score: 10/10
Tags: family:remus_stealer botnet:fd4bf67840a5d9016da257ddba5f2156 stealer
Malware Config, C2 Extraction:
http://coox.live:28313
http://padaz.pics:4219
http://baxe.pics:48261
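The hashes at the top of this entry and the three extracted C2 URLs are the indicators a responder actually uses. The Python below is an added example (not code from MalwareBazaar or from any of the listed vendors) that turns them into two checks: confirming that a file retrieved for analysis really is this sample before it is handled, and scanning DNS/proxy log lines for the C2 hosts, distinguishing a bare domain lookup from a connection on the configured port. The log lines are constructed for the demo and their key=value layout is an assumption, not a vendor format.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the MalwareBazaar entry above.
SAMPLE_HASHES = {
    "sha256": "002205bb150a86c419fed04d3cd85dfd67d04ff570555b0ba42d8fc171fb92fa",
    "sha1": "eff8d3a2e10715ccb64046d0f20c3400767d1917",
    "md5": "71ff12fbab703fad1b3ee3795161e6ee",
}
C2_URLS = [
    "http://coox.live:28313",
    "http://padaz.pics:4219",
    "http://baxe.pics:48261",
]


def verify_sample(data: bytes, expected: dict = SAMPLE_HASHES) -> dict:
    """Hash the file contents and compare each digest with the entry.

    Returns {algorithm: matched}. Treat the SHA256 result as authoritative;
    MD5 and SHA1 are listed for lookup convenience, not as integrity proof.
    """
    return {
        alg: hashlib.new(alg, data).hexdigest() == digest
        for alg, digest in expected.items()
    }


def parse_c2(urls) -> dict:
    """Map each extracted C2 URL to hostname -> port, defaulting the port by scheme."""
    hosts = {}
    for url in urls:
        parts = urlsplit(url)
        default = 443 if parts.scheme == "https" else 80
        hosts[parts.hostname.lower()] = parts.port or default
    return hosts


C2_HOSTS = parse_c2(C2_URLS)


def _host_pattern(host: str):
    # Match the host as a whole label sequence: a subdomain prefix and a trailing
    # dot (DNS FQDN form) are allowed, but "notcoox.live" and
    # "baxe.pics.example.org" are rejected because the indicator is only a substring.
    return re.compile(r"(?<![\w-])" + re.escape(host) + r"(?![\w-])(?!\.[\w-])")


def scan_logs(lines, c2: dict = C2_HOSTS):
    """Return (line_number, host, kind) for every line naming a C2 host.

    kind is "c2_connect" when the host appears with its configured port
    (a proxy CONNECT or a firewall flow), otherwise "c2_domain" (e.g. a DNS query).
    """
    patterns = {host: _host_pattern(host) for host in c2}
    hits = []
    for number, line in enumerate(lines, start=1):
        low = line.lower()
        for host, port in c2.items():
            if not patterns[host].search(low):
                continue
            kind = "c2_connect" if f"{host}:{port}" in low else "c2_domain"
            hits.append((number, host, kind))
    return hits


# Constructed log lines for the demo: a DNS query for a C2 domain, a proxy CONNECT
# to a C2 host on its port, and two look-alikes that must not match.
SAMPLE_LOGS = [
    "2026-06-05T06:49:01Z dns client=10.0.0.17 query=coox.live. type=A rcode=NOERROR",
    "2026-06-05T06:49:02Z proxy client=10.0.0.17 method=CONNECT dest=padaz.pics:4219 status=200",
    "2026-06-05T06:50:00Z proxy client=10.0.0.18 method=GET dest=notcoox.live:443 status=200",
    "2026-06-05T06:50:05Z dns client=10.0.0.19 query=baxe.pics.example.org. type=A rcode=NXDOMAIN",
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print("C2 hit:", hit)
    # A file that is not the sample fails every digest comparison.
    print(verify_sample(b"not the sample"))
```

Two caveats when reusing these indicators: match on SHA256 rather than MD5 or SHA1 when the hash is the gate for handling a file, and do not treat the imphash listed above as family-specific, since the entry itself shows it shared with Smoke Loader samples, which most likely reflects shared packer or loader code; use it to pivot, not to attribute.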
Vendor result
Unpacked files:
  SHA256 hash: 002205bb150a86c419fed04d3cd85dfd67d04ff570555b0ba42d8fc171fb92fa
  MD5 hash: 71ff12fbab703fad1b3ee3795161e6ee
  SHA1 hash: eff8d3a2e10715ccb64046d0f20c3400767d1917
  (these are the submitted sample's own hashes, so no distinct unpacked payload is listed)
Malware family: RemusLogger
Verdict: Malicious

Note: MalwareBazaar is no longer able to provide a coverage score for VirusTotal.
