MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c3853a3177ae7b8dc5a93d09c005bd5368dab374e68fce26151eaf52cc819d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	0c3853a3177ae7b8dc5a93d09c005bd5368dab374e68fce26151eaf52cc819d8
SHA3-384 hash:	072fbc67a087491a652af8ffc44e9608a7c2ae0f986851aac77c421a4a7b4c834cfaa727a230f8b331912e6752b82c49
SHA1 hash:	f1b25113d79cc71769e1b3680d0861e80ea15209
MD5 hash:	e67c6047c15acc8e236f0d317e1827f2
humanhash:	winner-sweet-carbon-artist
File name:	SecuriteInfo.com.Trojan.Malware.103970502.6668.6594
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	2'571'264 bytes
First seen:	2021-09-28 11:17:59 UTC
Last seen:	2021-09-28 12:09:04 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	16c8c7a62c852018ed02e453e144c998 (6 x DarkGate, 2 x LummaStealer, 1 x RemcosRAT)
ssdeep	49152:dR/KpmZubPf2S8W2ILeWl+C1p9jWy5Snd0eigXN:j/jtYLP1Sy5E0
Threatray	185 similar samples on MalwareBazaar
TLSH	T106C55A16B288713ED4FB0B37893386505937BA61BA73CD5B5BF02A0C8F355902E3E656
File icon (PE):
dhash icon	b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

117

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

PolarisBiosEditor 1.7.2.zip

Verdict:

Malicious activity

Analysis date:

2020-11-25 19:34:18 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/793472c6-3f6a-4381-869b-6b84e6a0682a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

PUA.Win.Packer.Exe-6

SecuriteInfo.com.Trojan.Malware.103970502.6668.6594.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/a1ffe7e9-f849-4389-b180-7a7c55afcdc5

Result

Threat name:

Unknown

Detection:

unknown

Classification:

n/a

Score:

6 / 100

Link:

https://www.joesandbox.com/analysis/859770

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0c3853a3177ae7b8dc5a93d09c005bd5368dab374e68fce26151eaf52cc819d8/

Verdict:

unknown

Similar samples:

1d4b0364723c9502b095fb5e04c28d4b234513c6c21d2fa2ca730e75afb0f37f

3bf2809750deff99ea112aa8c0b4a5dd20a3e45c648de8b0ce942b1d76c340a5

5903ca7c770eb447d3d83e9dbc28469b172d74a4e9fb552db6c41db8e96db330

64e5b32569d9f0f8494b23e6ed44b0f5ab5fe96308751cf3c0b0bdbe82d88605

667eea281435836e7fbeb42879d95a8fb41a1327a4fe6af2e696e3b767657b05

6e8a0a30744ed0130a2b32997e03ba5c07339ddf22e76c7ca64882d5d3f8cc4f

7f38a7aaa38b085cb58239af935b98c38ea41acd4d489c57dea812a99792da02

88cea0f00eb3d4afd4328914e6de7fe98136ebf7a41846dc7c875317bf53385e

+ 175 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210928-neacqsbhcl/

Unpacked files

SH256 hash:

0c3853a3177ae7b8dc5a93d09c005bd5368dab374e68fce26151eaf52cc819d8

MD5 hash:

e67c6047c15acc8e236f0d317e1827f2

SHA1 hash:

f1b25113d79cc71769e1b3680d0861e80ea15209

Link:

https://www.unpac.me/results/db093628-9b33-403c-ac13-47020b5aecfa/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0c3853a3177ae7b8dc5a93d09c005bd5368dab374e68fce26151eaf52cc819d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample