MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00e49a5eb1918f2760db2100a14e780ceeeab547e75e3ba915a38831c33e8587. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LxBaseRAT


Vendor detections: 10



SHA256 hash: 00e49a5eb1918f2760db2100a14e780ceeeab547e75e3ba915a38831c33e8587
SHA3-384 hash: 9d20ec3f3a7c1ef6624ca02790c7d20cb3b814a0429404f4ebd5152c69a1e4072ebeb7726621d24f53bf058337630b43
SHA1 hash: 426885e4a4740bbd8c57e9d42b354c091bcf5414
MD5 hash: 34d280d26df5ce29c125e334cd7fa43e
humanhash: oscar-alabama-texas-virginia
File name: Remittance_copy.zip
Signature: LxBaseRAT
File size: 1'230'648 bytes
First seen: 2026-07-03 18:02:21 UTC
Last seen: 2026-07-03 18:03:20 UTC
File type: zip
MIME type: application/zip
ssdeep: 24576:E3bGuQeD2mrdDLddc5nxcyEQonPgb+71dYC95boE1hMA88L7Amgk2SGXTK:ErUPm/GnBEQ9S5dYCvc0hMrjmghSAG
TLSH: T1334533397A7010A5AF3C81E86FECEC27985D1F8A8C70FD8C0B295F36A151361AE75522
Magika: zip
Reporter: TomU
Tags: LxBaseRAT zip

Intelligence


File Origin
# of uploads: 2
# of downloads: 49
Origin country: CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Remittance copy.js
File size: 3'189'073 bytes
SHA256 hash: e2aca5cae53681794c344f75e8af4f097b450b5825584d857936d5788d8d2cfe
MD5 hash: 895f7c818281fb92d35b234cef4d8e9b
MIME type: text/plain
Signature: LxBaseRAT

Vendor Threat Intelligence

Verdict: Malicious
Score: 81.4%
Tags: obfuscate xtreme shell

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: downloader encrypted obfuscated repaired

Verdict: Malicious
File Type: zip
First seen: 2026-07-01T04:35:00Z UTC
Last seen: 2026-07-01T06:46:00Z UTC
Hits: ~10

Threat name: Script-JS.Trojan.Heuristic
Status: Malicious
First seen: 2026-07-03 18:06:06 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 11 of 36 (30.56%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ClamAV_Emotet_String_Aggregate

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May Contain (Obfuscated or no) Powershell or CMD Command that can be abused by threat actor (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
LxBaseRAT
zip 00e49a5eb1918f2760db2100a14e780ceeeab547e75e3ba915a38831c33e8587 (this sample)

Delivery method: Distributed via e-mail attachment
