MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e7faf90a4ffc24f38e6fc171b9a5faa7b285fde26a77e8bcac1366ecc22a827. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 5



SHA256 hash: 0e7faf90a4ffc24f38e6fc171b9a5faa7b285fde26a77e8bcac1366ecc22a827
SHA3-384 hash: acf779b43d48ec640e34bee347002860d3eac852c378d744bd6ad8b08cee39b4ee53a6614773afd08f9c2751a158f829
SHA1 hash: 61de41881e270cc56a36c8b4b3e28e0f04f4856f
MD5 hash: 2b3872dc7cb6fdfe00f6639130b80691
humanhash: neptune-failed-oranges-delta
File name: SecuriteInfo.com.Trojan005690e01.15780.23189
Signature: RemcosRAT
File size: 100'352 bytes
First seen: 2021-10-06 23:14:39 UTC
Last seen: 2021-10-07 00:04:54 UTC
File type: Excel file xlsx
MIME type: application/vnd.ms-excel
ssdeep: 1536:n9huSNn4HmjjanRpJUY/3x9wsMLdNh95s3YUFyVIL0LYId9O3P5Ut:qSsmKn/OQx9z8N5sIayjO3P5Ut
TLSH: T193A312BD0672E805E884B6309CF9371EA2F44EBD59C640D2D3ABB7DA90718523477379
Reporter: SecuriteInfoCom
Tags: xlsx

Office OLE Information


This malware sample appears to be an Office document. The following table provides more information about this document using oletools and oledump.

OLE dump

MalwareBazaar was able to identify 3 sections in this file using oledump:

Section ID  Section size  Section name
1           4096 bytes    DocumentSummaryInformation
2           4096 bytes    SummaryInformation
3           89830 bytes   Workbook

Intelligence


File Origin

# of uploads: 2
# of downloads: 261
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Trojan005690e01.15780.23189
Verdict: No threats detected
Analysis date: 2021-10-06 23:16:34 UTC
Tags: macros macros40
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: macros

Result
Verdict: MALICIOUS
Details:
Excel 4.0 Macro
Document contains Excel 4.0 macros (XLM). A valid, albeit dated feature, this document should be treated with suspicion.

Result
Threat name: Hidden Macro 4.0
Detection: suspicious
Classification: expl
Score: 20 / 100
Signature:
Yara detected password protected xls with embedded macros

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
